gitlab-container-registry-fips-18.7

Direct Vulnerabilities

Known vulnerabilities in the gitlab-container-registry-fips-18.7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Improper Neutralization	*
L Authorization Bypass Through User-Controlled Key	*
L Authorization Bypass Through User-Controlled Key	*
L Allocation of Resources Without Limits or Throttling	*
H Cross-site Scripting (XSS)	*
L Incorrect Authorization	*
L Resource Exhaustion	*
L CVE-2026-39821	*
L Missing Authorization	*
L CVE-2026-27145	*
L Improper Certificate Validation	*
L CVE-2026-42507	*
L Out-of-Bounds	*
L Improper Enforcement of Message Integrity During Transmission in a Communication Channel	*
L Improper Restriction of Rendered UI Layers or Frames	*
L CVE-2026-46595	*
L Improper Verification of Cryptographic Signature	*
L Incorrect Type Conversion or Cast	*
L CVE-2026-42504	*
L Improper Restriction of Rendered UI Layers or Frames	*
L CVE-2026-33815	*
L Use of a Broken or Risky Cryptographic Algorithm	*
L Deserialization of Untrusted Data	*
L Improper Certificate Validation	*
L Integer Overflow or Wraparound	*
L Improper Certificate Validation	*
M Use of a Broken or Risky Cryptographic Algorithm	*
L CVE-2026-46598	*
L Missing Authorization	*
L Improper Restriction of Rendered UI Layers or Frames	*
L Cross-site Scripting (XSS)	*
L CVE-2026-39824	*
L Allocation of Resources Without Limits or Throttling	*
L Use of Incorrectly-Resolved Name or Reference	*
L Incorrect Authorization	*
L Missing Authorization	*
L GHSA-xmrv-pmrh-hhx2	*
H Untrusted Search Path	*
L Allocation of Resources Without Limits or Throttling	*
H Improper Handling of Parameters	*
L Uncaught Exception	*
C SQL Injection	*
L CVE-2026-33816	*
H Loop with Unreachable Exit Condition ('Infinite Loop')	<18.7.6-r3
L Cross-site Scripting (XSS)	<18.7.6-r3
H Allocation of Resources Without Limits or Throttling	<18.7.6-r3
L CVE-2026-42499	<18.7.6-r3
L CVE-2026-39825	<18.7.6-r3
L CVE-2026-42501	<18.7.6-r3
L Improper Encoding or Escaping of Output	<18.7.6-r3
H Double Free	<18.7.6-r3
M Link Following	<18.7.6-r3
M Out-of-bounds Write	<18.7.6-r3
H NULL Pointer Dereference	<18.7.6-r3
L Allocation of Resources Without Limits or Throttling	*
C CVE-2026-27143	<18.7.6-r2
H Access of Resource Using Incompatible Type ('Type Confusion')	<18.7.6-r2
H Improper Certificate Validation	<18.7.6-r2
M Allocation of Resources Without Limits or Throttling	<18.7.6-r2
H Allocation of Resources Without Limits or Throttling	<18.7.6-r2
L CVE-2026-32280	<18.7.6-r2
H Incorrect Authorization	<18.7.6-r2
M Link Following	<18.7.6-r2
M Cross-site Scripting (XSS)	<18.7.6-r2
H Improper Certificate Validation	<18.7.6-r2
L Improper Authorization	<18.7.6-r1
L Untrusted Search Path	<18.7.6-r1
L Directory Traversal	<18.7.5-r1
L Direct Request ('Forced Browsing')	<18.7.5-r1
L Cross-site Scripting (XSS)	<18.7.5-r1
L Improper Certificate Validation	<18.7.5-r1
L Improper Certificate Validation	<18.7.5-r1
H Allocation of Resources Without Limits or Throttling	<18.7.4-r0
M Cross-site Scripting (XSS)	<18.7.4-r0
M Cross-site Scripting (XSS)	<18.7.4-r0
H Allocation of Resources Without Limits or Throttling	<18.7.4-r0
C CVE-2025-68121	<18.7.3-r1
L CVE-2025-61732	<18.7.3-r1
L Out-of-bounds Write	<18.7.2-r0
L Allocation of Resources Without Limits or Throttling	<18.7.2-r0
L CVE-2025-61730	<18.7.2-r0
L CVE-2025-61731	<18.7.2-r0
L Allocation of Resources Without Limits or Throttling	<18.7.2-r0
L Allocation of Resources Without Limits or Throttling	<18.7.2-r0
L Loop with Unreachable Exit Condition ('Infinite Loop')	<18.7.2-r0
L Unchecked Return Value	<18.7.2-r0
L Incorrect Authorization	<18.7.2-r0
H Allocation of Resources Without Limits or Throttling	<18.7.2-r0

gitlab-container-registry-fips-18.7

Direct Vulnerabilities

Fix vulnerabilities automatically