gitlab-certificates-18.8

Direct Vulnerabilities

Known vulnerabilities in the gitlab-certificates-18.8 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Missing Authorization

*
  • L
Cross-site Scripting (XSS)

*
  • L
Use of Incorrectly-Resolved Name or Reference

*
  • L
Incorrect Authorization

*
  • L
Authorization Bypass Through User-Controlled Key

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • L
Authorization Bypass Through User-Controlled Key

*
  • M
Improper Neutralization

*
  • H
Cross-site Scripting (XSS)

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • L
Use of Incorrectly-Resolved Name or Reference

*
  • L
Incorrect Authorization

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • L
Missing Authorization

*
  • H
NULL Pointer Dereference

<18.8.9-r1
  • L
Improper Encoding or Escaping of Output

<18.8.9-r1
  • M
Link Following

<18.8.9-r1
  • L
CVE-2026-39825

<18.8.9-r1
  • L
CVE-2026-42499

<18.8.9-r1
  • M
Out-of-bounds Write

<18.8.9-r1
  • L
CVE-2026-42501

<18.8.9-r1
  • H
Allocation of Resources Without Limits or Throttling

<18.8.9-r1
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<18.8.9-r1
  • L
Cross-site Scripting (XSS)

<18.8.9-r1
  • H
Double Free

<18.8.9-r1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<18.8.9-r0
  • C
CVE-2026-27143

<18.8.9-r0
  • H
Improper Certificate Validation

<18.8.9-r0
  • M
Cross-site Scripting (XSS)

<18.8.9-r0
  • H
Allocation of Resources Without Limits or Throttling

<18.8.9-r0
  • M
Allocation of Resources Without Limits or Throttling

<18.8.9-r0
  • H
Improper Certificate Validation

<18.8.9-r0
  • H
Incorrect Authorization

<18.8.9-r0
  • M
Link Following

<18.8.9-r0
  • L
CVE-2026-32280

<18.8.9-r0
  • M
Interpretation Conflict

<18.8.9-r0
  • H
Resource Exhaustion

<18.8.9-r0
  • L
Partial Comparison

<18.8.9-r0
  • L
Permissive Regular Expression

<18.8.9-r0
  • M
Improper Handling of Length Parameter Inconsistency

<18.8.9-r0
  • H
Permissive Regular Expression

<18.8.9-r0
  • H
Resource Exhaustion

<18.8.9-r0
  • L
Resource Exhaustion

<18.8.9-r0
  • L
Incorrect Behavior Order: Validate Before Canonicalize

<18.8.9-r0
  • H
Improper Handling of Parameters

<18.8.7-r0
  • C
Use of Externally-Controlled Format String

<18.8.6-r1
  • L
Improper Authorization

<18.8.6-r1
  • L
Untrusted Search Path

<18.8.6-r1
  • L
Improper Certificate Validation

<18.8.6-r0
  • L
Directory Traversal

<18.8.6-r0
  • L
Direct Request ('Forced Browsing')

<18.8.6-r0
  • L
Improper Certificate Validation

<18.8.6-r0
  • L
Cross-site Scripting (XSS)

<18.8.6-r0
  • L
Directory Traversal

<18.8.5-r0
  • L
Cross-site Scripting (XSS)

<18.8.5-r0
  • L
Improper Validation of Unsafe Equivalence in Input

<18.8.4-r0
  • H
Allocation of Resources Without Limits or Throttling

<18.8.4-r0
  • M
Cross-site Scripting (XSS)

<18.8.4-r0
  • M
Cross-site Scripting (XSS)

<18.8.4-r0
  • H
Allocation of Resources Without Limits or Throttling

<18.8.4-r0
  • L
CVE-2025-61732

<18.8.3-r1
  • C
CVE-2025-68121

<18.8.3-r1
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

<18.8.2-r0
  • L
Allocation of Resources Without Limits or Throttling

<18.8.2-r0
  • L
Incorrect Authorization

<18.8.2-r0
  • H
Allocation of Resources Without Limits or Throttling

<18.8.2-r0
  • L
Unchecked Return Value

<18.8.2-r0