VuXML: Gitlab -- vulnerabilities

Affected packages

18.7.0

gitlab-ce

18.7.1

18.6.0

gitlab-ce

18.6.3

8.3.0

gitlab-ce

18.5.5

18.7.0

gitlab-ee

18.7.1

18.6.0

gitlab-ee

18.6.3

8.3.0

gitlab-ee

18.5.5

Details

VuXML ID	c9b610e9-eebc-11f0-b051-2cf05da270f3
Discovery	2026-01-07
Entry	2026-01-11

VuXML ID

c9b610e9-eebc-11f0-b051-2cf05da270f3

Discovery

2026-01-07

Entry

2026-01-11

Gitlab reports:

Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE

Cross-site Scripting issue in Web IDE impacts GitLab CE/EE

Missing Authorization issue in Duo Workflows API impacts GitLab EE

Missing Authorization issue in AI GraphQL mutation impacts GitLab EE

Denial of Service issue in import functionality impacts GitLab CE/EE

Insufficient Access Control Granularity issue in GraphQL runnerUpdate mutation impacts GitLab CE/EE

Information Disclosure issue in Mermaid diagram rendering impacts GitLab CE/EE

[source]

References

CVE Name

CVE-2025-10569

CVE Name

CVE-2025-11246

CVE Name

CVE-2025-13761

CVE Name

CVE-2025-13772

CVE Name

CVE-2025-13781

CVE Name

CVE-2025-3950

CVE Name

CVE-2025-9222

URL

https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/