1,390 CVEs

4 in CISA KEV

GitLab Vulnerabilities

CVE security advisories and vulnerability history for GitLab.

1,390

Total CVEs

Published

4

In CISA KEV

Exploited in the wild

531

Public exploits

With known exploit

5.6

Avg CVSS

2014–2026

Overview

GitLab has 1,390 published CVE records since 2014, of which 4 are in CISA's Known Exploited Vulnerabilities catalog and 531 have a known public exploit. The average CVSS base score across scored CVEs is 5.6.

This page aggregates every publicly disclosed vulnerability (CVE) affecting GitLab products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of GitLab's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical26

High194

Medium642

Low166

362 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

4

4 of GitLab's CVEs are confirmed exploited in the wild.

Public exploits

531

531 of GitLab's CVEs have a known public exploit available.

Most affected products

The GitLab products with the most published CVEs.

GitLab1,376 CVEs
GitLab EE49 CVEs
GitLab CE/EE37 CVEs
GitLab CE32 CVEs
GitLab Community and Enterprise Editions13 CVEs
debian linux9 CVEs
GitLab Runner6 CVEs
gitlab-shell5 CVEs

Common weakness types

The CWE weakness categories most often found in GitLab CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish GitLab CVE records.

Disclosure activity by year

How many GitLab CVEs were published each year.

2019

165

2020

241

2021

157

2022

151

2023

181

2024

146

2025

166

2026

119

Latest GitLab CVEs

The most recently disclosed vulnerabilities affecting GitLab.

Incorrect Authorization in GitLab
CWE-863
Medium · CVSS 4.3
EPSS 0.0%2026-05-28
Allocation of Resources Without Limits or Throttling in GitLab
CWE-770
Medium · CVSS 6.5
EPSS 0.1%2026-05-27
Missing Authorization in GitLab
CWE-862
Medium · CVSS 4.3
EPSS 0.0%2026-05-27
Authorization Bypass Through User-Controlled Key in GitLab
CWE-639
High · CVSS 8.2
EPSS 0.0%2026-05-27
Missing Authorization in GitLab
CWE-862
Medium · CVSS 4.3
EPSS 0.0%2026-05-27
Incorrect Authorization in GitLab
CWE-863
Medium · CVSS 5.3
EPSS 0.0%2026-05-27
Use of Incorrectly-Resolved Name or Reference in GitLab
CWE-706
Medium · CVSS 4.3
EPSS 0.0%2026-05-27
Improper Control of Generation of Code ('Code Injection') in GitLab
CWE-94
Medium · CVSS 5.4
EPSS 0.0%2026-05-14
Authorization Bypass Through User-Controlled Key in GitLab
CWE-639
Medium · CVSS 4.3
EPSS 0.0%2026-05-14
Improper Validation of Specified Quantity in Input in GitLab
CWE-1284
High · CVSS 7.5
EPSS 0.0%2026-05-14
Allocation of Resources Without Limits or Throttling in GitLab
CWE-770
High · CVSS 7.5
EPSS 0.1%2026-05-14
Deserialization of Untrusted Data in GitLab
CWE-502
Medium · CVSS 6.5
EPSS 0.0%2026-05-14

Track new GitLab CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor GitLab CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

Jenkins project1,486 CVEs code-projects1,391 CVEs Red Hat1,386 CVEs netgear1,326 CVEs Samsung Mobile1,301 CVEs gitlab-org1,296 CVEs suse1,285 CVEs gnu1,241 CVEs

Browse all vendors

Frequently asked questions

Common questions about GitLab vulnerabilities.

How many CVEs does GitLab have?

GitLab has 1,390 published CVE records since 2014, including 285 in the last two years.

How many GitLab CVEs are in CISA KEV?

Yes — 4 of GitLab's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which GitLab products have the most CVEs?

The GitLab products with the most published CVEs are GitLab, GitLab EE, GitLab CE/EE, GitLab CE, GitLab Community and Enterprise Editions.

What are the most common weakness types in GitLab CVEs?

GitLab's CVEs most often map to these CWE weakness types: CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-863 (Incorrect Authorization), CWE-862 (Missing Authorization).

Are there public exploits for GitLab vulnerabilities?

Yes — 531 of GitLab's CVEs have a known public exploit.

How many critical GitLab vulnerabilities are there?

GitLab has 26 critical and 194 high-severity CVEs.

What is the average severity of GitLab CVEs?

The average CVSS base score across GitLab's scored CVEs is 5.6.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track GitLab vulnerabilities

Monitor new GitLab vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing