gitlab-rails-ce-fips-18.11

Direct Vulnerabilities

Known vulnerabilities in the gitlab-rails-ce-fips-18.11 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Improper Input Validation

<18.11.6-r6
  • L
GHSA-xhf5-7wjv-pqxp

<18.11.6-r6
  • L
CVE-2026-47262

<18.11.6-r6
  • L
GHSA-jpcc-p29g-p8mq

<18.11.6-r6
  • C
CVE-2025-9287

<18.11.6-r5
  • L
GHSA-cpq7-6gpm-g9rc

<18.11.6-r5
  • C
CVE-2025-9288

<18.11.6-r4
  • L
GHSA-95m3-7q98-8xr5

<18.11.6-r4
  • L
CVE-2026-47429

<18.11.6-r3
  • L
GHSA-5xrq-8626-4rwp

<18.11.6-r3
  • L
Symlink Following

<18.11.6-r2
  • L
GHSA-33vj-92qq-66hc

<18.11.6-r2
  • L
Improper Input Validation

<18.11.6-r2
  • L
GHSA-cvxm-645q-p574

<18.11.6-r2
  • L
GHSA-rgh6-rfwx-v388

<18.11.6-r2
  • L
CVE-2026-50195

<18.11.6-r2
  • L
GHSA-9cx6-37pm-9jff

<18.11.6-r1
  • L
Improper Check for Unusual or Exceptional Conditions

<18.11.6-r1
  • L
Arbitrary Code Injection

<18.11.6-r1
  • L
Arbitrary Code Injection

<18.11.6-r1
  • L
GHSA-7rx3-28cr-v5wh

<18.11.6-r1
  • L
GHSA-2qvq-rjwj-gvw9

<18.11.6-r1
  • L
Arbitrary Code Injection

<18.11.6-r1
  • L
GHSA-442j-39wm-28r2

<18.11.6-r1
  • M
Cross-site Scripting (XSS)

<18.11.6-r1
  • L
GHSA-3mfm-83xf-c92r

<18.11.6-r1
  • L
GHSA-xjpj-3mr7-gcpf

<18.11.6-r1
  • L
GHSA-2w6w-674q-4c4q

<18.11.6-r1
  • L
GHSA-xhpv-hc6g-r9c6

<18.11.6-r1
  • H
Cross-site Scripting (XSS)

<18.11.6-r1
  • L
GHSA-f5wc-c3c7-36mc

<18.11.4-r0
  • L
GHSA-78mq-xcr3-xm33

<18.11.4-r0
  • L
GHSA-w879-237q-wc7r

<18.11.4-r0
  • L
GHSA-vgwf-h737-ff37

<18.11.4-r0
  • L
GHSA-rm3j-f69w-wqmq

<18.11.4-r0
  • L
GHSA-qpw4-5x99-6vjp

<18.11.4-r0
  • L
GHSA-q4h4-gmj2-qvw2

<18.11.4-r0
  • L
GHSA-89gr-r52h-f8rx

<18.11.4-r0
  • L
GHSA-hfvc-g4fc-pqhx

<18.11.6-r0
  • L
GHSA-f2g3-hh2r-cwgc

<18.11.6-r0
  • L
Server-Side Request Forgery (SSRF)

<18.11.6-r0
  • L
Uncontrolled Memory Allocation

<18.11.6-r0
  • L
GHSA-5wrp-cwcj-q835

<18.11.6-r0
  • L
Improper Access Control

<18.11.6-r0
  • M
Incorrect Authorization

<18.11.6-r0
  • L
GHSA-3p65-76g6-3w7r

<18.11.6-r0
  • H
Untrusted Search Path

<18.11.6-r0
  • L
GHSA-6pjf-3r9x-m592

<18.11.6-r0
  • L
GHSA-5rv5-xj5j-3484

<18.11.5-r2
  • L
GHSA-98m9-hrrm-r99r

<18.11.5-r2
  • L
Server-Side Request Forgery (SSRF)

<18.11.5-r2
  • L
Uncontrolled Recursion

<18.11.5-r2
  • L
GHSA-33mh-2634-fwr2

<18.11.5-r2
  • M
Server-Side Request Forgery (SSRF)

<18.11.5-r2
  • L
GHSA-84xv-jfrm-h4gm

<18.11.5-r1
  • C
Directory Traversal

<18.11.5-r1
  • L
GHSA-2vqw-3mp8-cgmx

<18.11.5-r1
  • L
CVE-2026-47737

<18.11.5-r1
  • L
CVE-2026-47736

<18.11.5-r1
  • L
GHSA-qpgp-93vx-g8v8

<18.11.5-r1
  • L
Improper Neutralization

<18.11.5-r0
  • L
GHSA-8p34-64r3-mwg8

<18.11.5-r0
  • L
GHSA-46q3-7gv7-qmgg

<18.11.5-r0
  • L
Arbitrary Command Injection

<18.11.5-r0
  • L
CVE-2026-45363

<18.11.5-r0
  • L
GHSA-c4fp-cxrr-mj66

<18.11.5-r0
  • L
GHSA-v2fc-qm4h-8hqv

<18.11.5-r0
  • L
GHSA-c4rq-3m3g-8wgx

<18.11.5-r0
  • L
GHSA-c32j-vqhx-rx3x

<18.11.5-r0
  • L
Arbitrary Command Injection

<18.11.5-r0
  • L
CVE-2026-42507

<18.11.4-r2
  • L
GHSA-h3gm-q7m7-mp28

<18.11.4-r2
  • L
GHSA-4279-q6mj-392r

<18.11.4-r2
  • L
CVE-2026-27145

<18.11.4-r2
  • L
Improper Certificate Validation

<18.11.4-r0
  • L
Improper Verification of Cryptographic Signature

<18.11.4-r0
  • L
Deserialization of Untrusted Data

<18.11.4-r0
  • L
Incorrect Type Conversion or Cast

<18.11.4-r0
  • L
Improper Enforcement of Message Integrity During Transmission in a Communication Channel

<18.11.4-r0
  • L
Integer Overflow or Wraparound

<18.11.4-r0
  • L
Out-of-Bounds

<18.11.4-r0
  • L
Missing Authorization

<18.11.4-r0
  • L
GHSA-crhj-59gh-8x96

<18.11.3-r4
  • L
Directory Traversal

<18.11.3-r4
  • C
Improper Encoding or Escaping of Output

<18.11.3-r4
  • L
GHSA-m7cr-m3pv-hgrp

<18.11.3-r4
  • L
GHSA-fqw6-gf59-qr4w

<18.11.3-r3
  • L
Improper Privilege Management

<18.11.3-r3
  • M
Allocation of Resources Without Limits or Throttling

<18.11.3-r2
  • L
GHSA-q2mw-fvj9-vvcw

<18.11.3-r2
  • L
GHSA-75xq-5h9v-w6px

<18.11.3-r2
  • L
GHSA-87pf-fpwv-p7m7

<18.11.3-r2
  • C
Arbitrary Command Injection

<18.11.3-r2
  • C
Arbitrary Command Injection

<18.11.3-r2
  • H
Missing Report of Error Condition

<18.11.3-r2
  • H
Algorithmic Complexity

<18.11.3-r2
  • L
GHSA-vcgp-9326-pqcp

<18.11.3-r2
  • L
GHSA-hm49-wcqc-g2xg

<18.11.3-r2
  • L
GHSA-m3xc-h892-ggx6

<18.11.3-r1
  • L
Uncontrolled Recursion

<18.11.3-r1
  • H
Incorrect Behavior Order: Validate Before Canonicalize

<18.11.3-r1
  • L
GHSA-qw64-3x98-g7q2

<18.11.3-r1
  • L
Directory Traversal

<18.11.3-r1
  • L
GHSA-389r-gv7p-r3rp

<18.11.3-r1
  • H
NULL Pointer Dereference

<18.11.2-r2
  • L
GHSA-mh2q-q3fh-2475

<18.11.2-r2
  • M
Out-of-bounds Write

<18.11.2-r2
  • L
GHSA-qf3q-3h68-mmh2

<18.11.2-r2
  • L
GHSA-3xc5-wrhm-f963

<18.11.2-r2
  • L
GHSA-qc64-m6c2-v4x7

<18.11.2-r2
  • L
GHSA-5m4p-2gjx-p2g8

<18.11.2-r2
  • L
CVE-2026-42499

<18.11.2-r2
  • L
Allocation of Resources Without Limits or Throttling

<18.11.2-r2
  • L
GHSA-p9h5-jm8x-mjm5

<18.11.2-r2
  • L
CVE-2026-42501

<18.11.2-r2
  • H
Insufficiently Protected Credentials

<18.11.2-r2
  • M
Link Following

<18.11.2-r2
  • L
GHSA-xq5j-9r39-c3vf

<18.11.2-r2
  • H
Allocation of Resources Without Limits or Throttling

<18.11.2-r2
  • L
GHSA-8g2r-hhvj-mv99

<18.11.2-r2
  • L
GHSA-526f-jxpj-jmg2

<18.11.2-r1
  • L
Directory Traversal

<18.11.2-r1