diff --git a/.eslint_todo/vue-require-name-property.mjs b/.eslint_todo/vue-require-name-property.mjs
index ea735e87929d71b9cf20b705bf6a9d571c1a5e21..dc9a2f03a8d4b5a47b5b5d4d46c96c3358954daa 100644
--- a/.eslint_todo/vue-require-name-property.mjs
+++ b/.eslint_todo/vue-require-name-property.mjs
@@ -1944,7 +1944,6 @@ export default {
     'ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_counts.vue',
     'ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_filters.vue',
     'ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue',
-    'ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql.vue',
     'ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list_status.vue',
     'ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header.vue',
     'ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_report_tab.vue',
diff --git a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue
index e76b02bc7eebd84c6b68a7c26a79ddf4747d3a7c..34d759633ed6aad48885ee5a57e39e275370e69f 100644
--- a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue
@@ -128,6 +128,11 @@ export default {
         sortDesc: true,
       }),
     },
+    loadingMoreCount: {
+      type: Number,
+      required: false,
+      default: 0,
+    },
   },
   data() {
     return {
@@ -607,7 +612,13 @@ export default {
       </template>
     </gl-table>
 
-    <filters-produced-no-results v-else-if="hasVulnerabilities" />
-    <dashboard-has-no-vulnerabilities v-else />
+    <div v-if="loadingMoreCount > 0" data-testid="loading-more-skeleton">
+      <gl-skeleton-loader v-for="n in loadingMoreCount" :key="`loading-more-${n}`" :lines="2" />
+    </div>
+
+    <template v-if="!shouldShowTable">
+      <filters-produced-no-results v-if="hasVulnerabilities" />
+      <dashboard-has-no-vulnerabilities v-else />
+    </template>
   </div>
 </template>
diff --git a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql.vue b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql.vue
index 8fe77102f4d61472d498df2dd89807c4c34e9f3d..3ec61e2511d214de185b6094f5b8f46735441b59 100644
--- a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql.vue
@@ -1,6 +1,7 @@
 <script>
 import { GlKeysetPagination } from '@gitlab/ui';
 import { get, isEqual } from 'lodash';
+import produce from 'immer';
 import { createAlert } from '~/alert';
 import { s__ } from '~/locale';
 import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
@@ -13,7 +14,6 @@ import {
   DASHBOARD_TYPE_INSTANCE,
   DASHBOARD_TYPE_PIPELINE,
 } from 'ee/security_dashboard/constants';
-import { isPolicyViolationFilterEnabled } from 'ee/security_dashboard/utils';
 import LocalStorageSync from '~/vue_shared/components/local_storage_sync.vue';
 import PageSizeSelector from '~/vue_shared/components/page_size_selector.vue';
 import { DEFAULT_PAGE_SIZE } from '~/vue_shared/issuable/list/constants';
@@ -21,6 +21,7 @@ import VulnerabilityList from './vulnerability_list.vue';
 import { FIELDS } from './constants';
 
 export const PAGE_SIZE_STORAGE_KEY = 'vulnerability_list_page_size';
+export const MAX_GRAPHQL_REQUEST_SIZE = 50;
 
 const GRAPHQL_DATA_PATH = {
   [DASHBOARD_TYPE_PROJECT]: 'project.vulnerabilities',
@@ -30,6 +31,7 @@ const GRAPHQL_DATA_PATH = {
 };
 
 export default {
+  name: 'VulnerabilityListGraphql',
   components: {
     VulnerabilityList,
     GlKeysetPagination,
@@ -77,21 +79,12 @@ export default {
     },
   },
   data() {
-    // Temporarily exclude page size 100 when one of these 3 features are enabled to avoid
-    // potential GraphQL complexity issues. See https://gitlab.com/gitlab-org/gitlab/-/issues/580593.
-    if (
-      isPolicyViolationFilterEnabled() ||
-      this.glFeatures.aiExperimentSastFpDetection ||
-      this.glFeatures.autoDismissVulnerabilityPolicies
-    ) {
-      const pageSize = Number(localStorage.getItem(PAGE_SIZE_STORAGE_KEY) ?? DEFAULT_PAGE_SIZE);
-      localStorage.setItem(PAGE_SIZE_STORAGE_KEY, Math.min(pageSize, 50));
-    }
-
     return {
       vulnerabilities: [],
       pageInfo: {},
       pageSize: Number(localStorage.getItem(PAGE_SIZE_STORAGE_KEY) ?? DEFAULT_PAGE_SIZE),
+      isLoadingSecondBatch: false,
+      secondBatchFetched: false,
     };
   },
   apollo: {
@@ -109,6 +102,22 @@ export default {
 
         return vulnerabilities.nodes;
       },
+      result({ data, loading }) {
+        if (!loading && data && this.shouldBatch && !this.secondBatchFetched) {
+          const { nodes, pageInfo } = this.getVulnerabilitiesFromData(data);
+
+          if (nodes.length === MAX_GRAPHQL_REQUEST_SIZE) {
+            const cursor = this.isForwardPagination ? pageInfo.endCursor : pageInfo.startCursor;
+            const hasMoreItems = this.isForwardPagination
+              ? pageInfo.hasNextPage
+              : pageInfo.hasPreviousPage;
+
+            if (hasMoreItems) {
+              this.fetchSecondBatch(cursor);
+            }
+          }
+        }
+      },
       error({ message }) {
         const fallbackMessage = s__(
           'SecurityReports|Error fetching the vulnerability list. Please check your network connection and try again.',
@@ -162,7 +171,17 @@ export default {
       },
     },
     isLoadingVulnerabilities() {
-      return this.$apollo.queries.vulnerabilities.loading;
+      // Don't show full loading state when fetching second batch - we already have data to display
+      return this.$apollo.queries.vulnerabilities.loading && !this.isLoadingSecondBatch;
+    },
+    shouldBatch() {
+      return this.pageSize > MAX_GRAPHQL_REQUEST_SIZE;
+    },
+    isForwardPagination() {
+      return !this.before;
+    },
+    requestSize() {
+      return this.shouldBatch ? MAX_GRAPHQL_REQUEST_SIZE : this.pageSize;
     },
     queryVariables() {
       return {
@@ -176,8 +195,8 @@ export default {
         // If we're using "after" we need to use "first", and if we're using "before" we need to
         // use "last". See this comment for more info:
         // https://gitlab.com/gitlab-org/gitlab/-/merge_requests/79834#note_831878506
-        first: this.before ? null : this.pageSize,
-        last: this.before ? this.pageSize : null,
+        first: this.before ? null : this.requestSize,
+        last: this.before ? this.requestSize : null,
         before: this.before,
         after: this.after,
         ...this.filters,
@@ -187,12 +206,11 @@ export default {
     hasPagination() {
       return this.pageInfo.hasPreviousPage || this.pageInfo.hasNextPage;
     },
-    limitLargePageSize() {
-      return (
-        isPolicyViolationFilterEnabled() ||
-        this.glFeatures.aiExperimentSastFpDetection ||
-        this.glFeatures.autoDismissVulnerabilityPolicies
-      );
+    secondBatchLoadingCount() {
+      if (!this.isLoadingSecondBatch) {
+        return 0;
+      }
+      return Math.max(0, this.pageSize - this.vulnerabilities.length);
     },
   },
   watch: {
@@ -210,19 +228,34 @@ export default {
         this.resetPaging();
       }
     },
+    pageSize() {
+      this.secondBatchFetched = false;
+      this.isLoadingSecondBatch = false;
+      this.resetPaging();
+
+      // Force a network refetch to get fresh data and pageInfo for the new page size.
+      // This is needed because:
+      // 1. queryVariables may not change (requestSize stays 50 for both 50 and 100)
+      // 2. Cached data from batch merging has incorrect pageInfo for the new page size
+      // The result handler will trigger second batch fetch if needed.
+      this.$apollo.queries.vulnerabilities.refetch();
+    },
     queryVariables(newVariables, oldVariables) {
       // For some reason queryVariables is called twice, but the first time the variables won't
       // change. We'll only emit the event the second time after the variables have changed.
       if (!isEqual(newVariables, oldVariables)) {
         this.$emit('query-variables-changed', newVariables);
+        // Reset second batch state when query variables change (new page, filters, etc.)
+        this.secondBatchFetched = false;
+        this.isLoadingSecondBatch = false;
       }
     },
   },
   methods: {
-    getNextPage() {
+    goToNextPage() {
       this.after = this.pageInfo.endCursor || this.before;
     },
-    getPrevPage() {
+    goToPrevPage() {
       this.before = this.pageInfo.startCursor || this.after;
     },
     resetPaging() {
@@ -235,8 +268,62 @@ export default {
     getVulnerabilitiesFromData(data) {
       return get(data, GRAPHQL_DATA_PATH[this.dashboardType]);
     },
+    async fetchSecondBatch(cursor) {
+      this.isLoadingSecondBatch = true;
+      this.secondBatchFetched = true;
+
+      try {
+        await this.$apollo.queries.vulnerabilities.fetchMore({
+          variables: {
+            ...this.queryVariables,
+            after: this.isForwardPagination ? cursor : null,
+            before: this.isForwardPagination ? null : cursor,
+            first: this.isForwardPagination ? MAX_GRAPHQL_REQUEST_SIZE : null,
+            last: this.isForwardPagination ? null : MAX_GRAPHQL_REQUEST_SIZE,
+          },
+          updateQuery: (firstBatchData, { fetchMoreResult: secondBatchData }) => {
+            return this.mergeResults(firstBatchData, secondBatchData);
+          },
+        });
+      } catch {
+        createAlert({
+          message: s__('SecurityReports|Error fetching additional vulnerabilities.'),
+        });
+      } finally {
+        this.isLoadingSecondBatch = false;
+      }
+    },
+    mergeResults(firstBatchData, secondBatchData) {
+      const path = GRAPHQL_DATA_PATH[this.dashboardType];
+
+      return produce(secondBatchData, (draft) => {
+        const first = get(firstBatchData, path);
+        const second = get(draft, path);
+
+        // Merge nodes and preserve pageInfo from the first batch for navigating
+        // in the opposite direction. Without this, clicking "Previous" (forward)
+        // or "Next" (backward) would skip the first batch's items.
+        //
+        // Forward pagination example (items 1-100):
+        // | Batch  | Items | startCursor | endCursor  |
+        // |--------|-------|-------------|------------|
+        // | First  | 1-50  | ✓ item 1    | item 50    |
+        // | Second | 51-100| item 51     | ✓ item 100 |
+        //
+        if (this.isForwardPagination) {
+          second.nodes.unshift(...first.nodes);
+          second.pageInfo.startCursor = first.pageInfo.startCursor;
+          second.pageInfo.hasPreviousPage = first.pageInfo.hasPreviousPage;
+        } else {
+          second.nodes.push(...first.nodes);
+          second.pageInfo.endCursor = first.pageInfo.endCursor;
+          second.pageInfo.hasNextPage = first.pageInfo.hasNextPage;
+        }
+      });
+    },
   },
   PAGE_SIZE_STORAGE_KEY,
+  MAX_GRAPHQL_REQUEST_SIZE,
 };
 </script>
 
@@ -250,12 +337,12 @@ export default {
       :page-size="pageSize"
       :should-show-project-namespace="showProjectNamespace"
       :portal-name="portalName"
+      :loading-more-count="secondBatchLoadingCount"
       @vulnerability-clicked="$emit('vulnerability-clicked', $event)"
     />
 
-    <!-- Temporary workaround to always show the PageSizeSelector so a user can reduce the page size
-    if the query fails due to complexity. See https://gitlab.com/gitlab-org/gitlab/-/issues/580975 -->
     <div
+      v-if="isLoadingVulnerabilities || vulnerabilities.length"
       class="gl-mt-6"
       :class="{
         'vulnerability-report-footer-mobile gl-relative gl-text-center': hasPagination,
@@ -263,20 +350,18 @@ export default {
       }"
     >
       <gl-keyset-pagination
-        v-if="isLoadingVulnerabilities || vulnerabilities.length"
         :has-previous-page="pageInfo.hasPreviousPage"
         :has-next-page="pageInfo.hasNextPage"
         :start-cursor="pageInfo.startCursor"
         :end-cursor="pageInfo.endCursor"
         :disabled="isLoadingVulnerabilities"
-        @next="getNextPage"
-        @prev="getPrevPage"
+        @next="goToNextPage"
+        @prev="goToPrevPage"
       />
 
       <local-storage-sync v-model="pageSize" :storage-key="$options.PAGE_SIZE_STORAGE_KEY">
         <page-size-selector
           v-model="pageSize"
-          :exclude-large-page-size="limitLargePageSize"
           :class="{ 'gl-absolute gl-right-0 gl-top-0': hasPagination }"
         />
       </local-storage-sync>
diff --git a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql_spec.js b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql_spec.js
index 43716aca5bfa8e34e9702723c2d57a7b4c8dae75..f9ca89d4df6d1202646d4d32ce16a32c33827f3d 100644
--- a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql_spec.js
@@ -5,9 +5,9 @@ import VueRouter from 'vue-router';
 import { shallowMount } from '@vue/test-utils';
 import VulnerabilityListGraphql, {
   PAGE_SIZE_STORAGE_KEY,
+  MAX_GRAPHQL_REQUEST_SIZE,
 } from 'ee/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql.vue';
 import VulnerabilityList from 'ee/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue';
-import { isPolicyViolationFilterEnabled } from 'ee/security_dashboard/utils';
 import PageSizeSelector from '~/vue_shared/components/page_size_selector.vue';
 import { DEFAULT_PAGE_SIZE } from '~/vue_shared/issuable/list/constants';
 import groupVulnerabilitiesQuery from 'ee/security_dashboard/graphql/queries/group_vulnerabilities.query.graphql';
@@ -20,7 +20,6 @@ import LocalStorageSync from '~/vue_shared/components/local_storage_sync.vue';
 import { vulnerabilities } from '../../mock_data';
 
 jest.mock('~/alert');
-jest.mock('ee/security_dashboard/utils');
 
 Vue.use(VueApollo);
 Vue.use(VueRouter);
@@ -443,45 +442,232 @@ describe('Vulnerability list GraphQL component', () => {
 
       expect(findLocalStorageSync().props('value')).toBe(pageSize);
     });
+  });
+
+  describe('sequential batch loading', () => {
+    const generateVulnerabilities = (count) =>
+      Array.from({ length: count }, (_, i) => ({
+        ...vulnerabilities[0],
+        id: `id_${i}`,
+        project: { id: `project-${i}`, nameWithNamespace: 'Test / Project' },
+      }));
+
+    const createResponse = (nodes, pageInfo = {}) => ({
+      data: {
+        group: {
+          id: 'group-1',
+          __typename: 'Group',
+          vulnerabilities: {
+            nodes,
+            pageInfo: {
+              __typename: 'PageInfo',
+              startCursor: 'start',
+              endCursor: 'end',
+              hasNextPage: false,
+              hasPreviousPage: false,
+              ...pageInfo,
+            },
+          },
+        },
+      },
+    });
 
-    it('is shown when loaded and there are no vulnerabilities', async () => {
-      createWrapper({ vulnerabilitiesHandler: createVulnerabilitiesRequestHandler({}, []) });
+    it('when page size is less than or equal to MAX_GRAPHQL_REQUEST_SIZE, does not batch', async () => {
+      createWrapper();
       await waitForPromises();
 
-      expect(findPageSizeSelector().exists()).toBe(true);
+      expect(vulnerabilitiesRequestHandler).toHaveBeenCalledTimes(1);
     });
-  });
 
-  describe('limit large page size', () => {
-    const scenarios = [
-      {
-        description: 'when aiExperimentSastFpDetection is enabled',
-        setup: () => ({ aiExperimentSastFpDetection: true }),
-      },
-      {
-        description: 'when isPolicyViolationFilterEnabled() is true',
-        setup: () => {
-          isPolicyViolationFilterEnabled.mockReturnValue(true);
-          return {};
-        },
-      },
-      {
-        description: 'when autoDismissVulnerabilityPolicies is enabled',
-        setup: () => ({ autoDismissVulnerabilityPolicies: true }),
-      },
-    ];
+    describe('when page size is greater than MAX_GRAPHQL_REQUEST_SIZE', () => {
+      const BATCH_PAGE_SIZE = 100;
+
+      beforeEach(() => {
+        localStorage.setItem(PAGE_SIZE_STORAGE_KEY, BATCH_PAGE_SIZE);
+      });
+
+      it('uses MAX_GRAPHQL_REQUEST_SIZE for first request when page size exceeds it', async () => {
+        const handler = jest.fn().mockResolvedValue(
+          createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+            endCursor: 'end-1',
+            hasNextPage: true,
+          }),
+        );
+        createWrapper({ vulnerabilitiesHandler: handler });
+        await waitForPromises();
+
+        expect(handler).toHaveBeenNthCalledWith(
+          1,
+          expect.objectContaining({ first: MAX_GRAPHQL_REQUEST_SIZE }),
+        );
+      });
+
+      it('fetches second batch after first batch loads when batching is enabled', async () => {
+        const handler = jest
+          .fn()
+          .mockResolvedValueOnce(
+            createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+              endCursor: 'end-1',
+              hasNextPage: true,
+            }),
+          )
+          .mockResolvedValueOnce(
+            createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+              hasNextPage: false,
+            }),
+          );
+        createWrapper({ vulnerabilitiesHandler: handler });
+        await waitForPromises();
+
+        expect(handler).toHaveBeenCalledTimes(2);
+        expect(handler).toHaveBeenNthCalledWith(
+          2,
+          expect.objectContaining({ after: 'end-1', first: MAX_GRAPHQL_REQUEST_SIZE }),
+        );
+      });
+
+      it('does not fetch second batch when first batch has fewer items than MAX_GRAPHQL_REQUEST_SIZE', async () => {
+        const handler = jest
+          .fn()
+          .mockResolvedValue(createResponse(generateVulnerabilities(30), { hasNextPage: false }));
+        createWrapper({ vulnerabilitiesHandler: handler });
+        await waitForPromises();
+
+        expect(handler).toHaveBeenCalledTimes(1);
+      });
 
-    describe.each(scenarios)('$description', ({ setup }) => {
-      it('sets excludeLargePageSize on page size selector', () => {
-        createWrapper(setup());
-        expect(findPageSizeSelector().props('excludeLargePageSize')).toBe(true);
+      it('passes loadingMoreCount to VulnerabilityList while loading second batch', async () => {
+        let resolveSecondBatch;
+        const handler = jest
+          .fn()
+          .mockResolvedValueOnce(
+            createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+              endCursor: 'end-1',
+              hasNextPage: true,
+            }),
+          )
+          .mockReturnValueOnce(
+            new Promise((resolve) => {
+              resolveSecondBatch = resolve;
+            }),
+          );
+        createWrapper({ vulnerabilitiesHandler: handler });
+        await waitForPromises();
+
+        expect(findVulnerabilityList().props('loadingMoreCount')).toBe(
+          BATCH_PAGE_SIZE - MAX_GRAPHQL_REQUEST_SIZE,
+        );
+
+        resolveSecondBatch(
+          createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), { hasNextPage: false }),
+        );
+        await waitForPromises();
+
+        expect(findVulnerabilityList().props('loadingMoreCount')).toBe(0);
+      });
+
+      it('merges both batches into vulnerabilities', async () => {
+        const handler = jest
+          .fn()
+          .mockResolvedValueOnce(
+            createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+              endCursor: 'end-1',
+              hasNextPage: true,
+            }),
+          )
+          .mockResolvedValueOnce(
+            createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+              hasNextPage: false,
+            }),
+          );
+        createWrapper({ vulnerabilitiesHandler: handler });
+        await waitForPromises();
+
+        expect(findVulnerabilityList().props('vulnerabilities')).toHaveLength(
+          MAX_GRAPHQL_REQUEST_SIZE * 2,
+        );
+      });
+
+      it('uses MAX_GRAPHQL_REQUEST_SIZE for backward pagination when page size exceeds it', async () => {
+        const handler = jest.fn().mockResolvedValue(
+          createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+            startCursor: 'start-1',
+            hasPreviousPage: true,
+          }),
+        );
+        await router.push({ query: { before: 'some-cursor' } });
+        createWrapper({ vulnerabilitiesHandler: handler });
+        await waitForPromises();
+
+        expect(handler).toHaveBeenNthCalledWith(
+          1,
+          expect.objectContaining({ last: MAX_GRAPHQL_REQUEST_SIZE, first: null }),
+        );
+      });
+
+      it('fetches second batch for backward pagination when batching is enabled', async () => {
+        const handler = jest
+          .fn()
+          .mockResolvedValueOnce(
+            createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+              startCursor: 'start-1',
+              hasPreviousPage: true,
+            }),
+          )
+          .mockResolvedValueOnce(
+            createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+              hasPreviousPage: false,
+            }),
+          );
+        await router.push({ query: { before: 'some-cursor' } });
+        createWrapper({ vulnerabilitiesHandler: handler });
+        await waitForPromises();
+
+        expect(handler).toHaveBeenCalledTimes(2);
+        expect(handler).toHaveBeenNthCalledWith(
+          2,
+          expect.objectContaining({
+            before: 'start-1',
+            last: MAX_GRAPHQL_REQUEST_SIZE,
+            first: null,
+          }),
+        );
+      });
+
+      it('does not fetch second batch for backward pagination when first batch has fewer items', async () => {
+        const handler = jest
+          .fn()
+          .mockResolvedValue(
+            createResponse(generateVulnerabilities(30), { hasPreviousPage: false }),
+          );
+        await router.push({ query: { before: 'some-cursor' } });
+        createWrapper({ vulnerabilitiesHandler: handler });
+        await waitForPromises();
+
+        expect(handler).toHaveBeenCalledTimes(1);
       });
 
-      it('changes page size from 100 to 50', () => {
-        localStorage.setItem(PAGE_SIZE_STORAGE_KEY, 100);
-        createWrapper(setup());
+      it('merges both batches correctly for backward pagination', async () => {
+        const handler = jest
+          .fn()
+          .mockResolvedValueOnce(
+            createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+              startCursor: 'start-1',
+              hasPreviousPage: true,
+            }),
+          )
+          .mockResolvedValueOnce(
+            createResponse(generateVulnerabilities(MAX_GRAPHQL_REQUEST_SIZE), {
+              hasPreviousPage: false,
+            }),
+          );
+        await router.push({ query: { before: 'some-cursor' } });
+        createWrapper({ vulnerabilitiesHandler: handler });
+        await waitForPromises();
 
-        expect(findPageSizeSelector().props('value')).toBe(50);
+        expect(findVulnerabilityList().props('vulnerabilities')).toHaveLength(
+          MAX_GRAPHQL_REQUEST_SIZE * 2,
+        );
       });
     });
   });
diff --git a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_spec.js b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_spec.js
index e100def6475cea9c4a6d09bb83dfbd34f2cd9449..2d93046144fabc3dbbb27ce4b0cc71719fe8e11d 100644
--- a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_spec.js
@@ -637,6 +637,36 @@ describe('Vulnerability list component', () => {
     });
   });
 
+  describe('loadingMoreCount prop', () => {
+    const findLoadingMoreSkeleton = () => wrapper.findByTestId('loading-more-skeleton');
+
+    it('does not show loading more skeletons when loadingMoreCount is `0`', () => {
+      createWrapper({ props: { vulnerabilities, loadingMoreCount: 0 } });
+
+      expect(findLoadingMoreSkeleton().exists()).toBe(false);
+    });
+
+    it('shows skeleton loaders when loadingMoreCount is greater than `0`', () => {
+      const loadingMoreCount = 50;
+      createWrapper({ props: { vulnerabilities, loadingMoreCount } });
+
+      expect(findLoadingMoreSkeleton().exists()).toBe(true);
+      expect(findLoadingMoreSkeleton().findAllComponents(GlSkeletonLoader)).toHaveLength(
+        loadingMoreCount,
+      );
+    });
+
+    it('shows vulnerabilities and loading skeletons together', () => {
+      const loadingMoreCount = 25;
+      createWrapper({ props: { vulnerabilities, loadingMoreCount } });
+
+      expect(findAllStatusCells()).toHaveLength(vulnerabilities.length);
+      expect(findLoadingMoreSkeleton().findAllComponents(GlSkeletonLoader)).toHaveLength(
+        loadingMoreCount,
+      );
+    });
+  });
+
   describe('operational vulnerabilities', () => {
     beforeEach(() => {
       createWrapper({
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 9d1307399db059629fd600526bb829a6d04f0fe9..ec9035189e621a14c49033e658b3e0478071ab2e 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -62592,6 +62592,9 @@ msgstr ""
 msgid "SecurityReports|Enter at least 3 characters to view available identifiers."
 msgstr ""
 
+msgid "SecurityReports|Error fetching additional vulnerabilities."
+msgstr ""
+
 msgid "SecurityReports|Error fetching the vulnerability counts. Please check your network connection and try again."
 msgstr ""