Loading...
Loading...
GitLab platform (GitLab Security Advisories)
Generated Jul 6, 2026Cohort: 9 vendors with ≥10 CVE advisoriesMethodology ↗
Total all-time: 485 CVEs with GitLab Security advisories. Source: NVD CVE records joined with vendor advisory publish dates.
27.6% of GitLab Security's 485 CVEs are CRITICAL or HIGH severity. Industry median: 42.7%. Source: NVD CVSS v3.1.
2 of 468 GitLab Security CVEs in the last 3 years are on CISA's Known Exploited Vulnerabilities catalog (0.4%). Industry median: 1.1%.
Source: CISA Known Exploited Vulnerabilities catalog (current snapshot). KEV listing means CISA observed active in-the-wild exploitation.
Median time from CVE disclosure to GitLab Security advisory: 41 days (p25 17 days – p75 122 days). Industry median: 30 days.
Sample size: 19 CVE→advisory pairs over the last 3 years. Source: vendor advisory published_at minus CVE published.
Most-frequently mapped CWEs across GitLab Security's last 3 years of CVE disclosures. Source: NVD — CWE mapping per MITRE taxonomy.
Latest advisories published by GitLab Security, straight from the vendor's own feed. Severity labels are the vendor's — scales differ across vendors.
GitLab Patch Release: 18.11.3, 18.10.6, 18.9.7
GitLab Patch Release: 18.11.2, 18.10.5
GitLab Patch Release: 18.11.1, 18.10.4, 18.9.6
GitLab Patch Release: 18.10.3, 18.9.5, 18.8.9
GitLab Patch Release: 18.10.1, 18.9.3, 18.8.7
GitLab Patch Release: 18.9.2, 18.8.6, 18.7.6
GitLab Patch Release: 18.9.1, 18.8.5, 18.7.5
GitLab Patch Release: 18.8.4, 18.7.4, 18.6.6
Full advisory archive: /pulse/vendor-advisories →
Snapshot generated Jul 6, 2026. Industry medians refresh every 6 hours; raw vendor counts are queried live on each request.
Spot a factual error in this report?
Email [email protected] with the specific number you're disputing and a link to the authoritative source. We review every report and publish corrections on the methodology page.