Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:alpm/archlinux/gitlab@14.10.2-1
Typealpm
Namespacearchlinux
Namegitlab
Version14.10.2-1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version15.2.1-1
Latest_non_vulnerable_version15.2.1-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1tja-ztb9-myhy
vulnerability_id VCID-1tja-ztb9-myhy
summary An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1431
reference_id
reference_type
scores
0
value 0.00329
scoring_system epss
scoring_elements 0.5586
published_at 2026-04-24T12:55:00Z
1
value 0.00329
scoring_system epss
scoring_elements 0.55783
published_at 2026-04-01T12:55:00Z
2
value 0.00329
scoring_system epss
scoring_elements 0.55895
published_at 2026-04-02T12:55:00Z
3
value 0.00329
scoring_system epss
scoring_elements 0.55917
published_at 2026-04-04T12:55:00Z
4
value 0.00329
scoring_system epss
scoring_elements 0.55896
published_at 2026-04-07T12:55:00Z
5
value 0.00329
scoring_system epss
scoring_elements 0.55947
published_at 2026-04-08T12:55:00Z
6
value 0.00329
scoring_system epss
scoring_elements 0.55949
published_at 2026-04-09T12:55:00Z
7
value 0.00329
scoring_system epss
scoring_elements 0.55958
published_at 2026-04-11T12:55:00Z
8
value 0.00329
scoring_system epss
scoring_elements 0.55938
published_at 2026-04-12T12:55:00Z
9
value 0.00329
scoring_system epss
scoring_elements 0.5592
published_at 2026-04-13T12:55:00Z
10
value 0.00329
scoring_system epss
scoring_elements 0.55957
published_at 2026-04-16T12:55:00Z
11
value 0.00329
scoring_system epss
scoring_elements 0.5596
published_at 2026-04-18T12:55:00Z
12
value 0.00329
scoring_system epss
scoring_elements 0.55934
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1431
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1431
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1tja-ztb9-myhy
1
url VCID-221v-5q8x-5ygz
vulnerability_id VCID-221v-5q8x-5ygz
summary Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1417
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51503
published_at 2026-04-24T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51419
published_at 2026-04-01T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.5147
published_at 2026-04-02T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51497
published_at 2026-04-04T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51457
published_at 2026-04-07T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.51511
published_at 2026-04-08T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51509
published_at 2026-04-09T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51552
published_at 2026-04-11T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.51531
published_at 2026-04-12T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51519
published_at 2026-04-13T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51563
published_at 2026-04-16T12:55:00Z
11
value 0.00281
scoring_system epss
scoring_elements 0.51571
published_at 2026-04-18T12:55:00Z
12
value 0.00281
scoring_system epss
scoring_elements 0.5155
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1417
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1417
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-221v-5q8x-5ygz
2
url VCID-2gxb-vk9m-c3hd
vulnerability_id VCID-2gxb-vk9m-c3hd
summary An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1460
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49448
published_at 2026-04-24T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49396
published_at 2026-04-01T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49424
published_at 2026-04-02T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49451
published_at 2026-04-04T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49404
published_at 2026-04-07T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49459
published_at 2026-04-21T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49454
published_at 2026-04-09T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49472
published_at 2026-04-11T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49443
published_at 2026-04-12T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49445
published_at 2026-04-13T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.49491
published_at 2026-04-16T12:55:00Z
11
value 0.00261
scoring_system epss
scoring_elements 0.49489
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1460
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1460
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gxb-vk9m-c3hd
3
url VCID-4xun-1v5s-uqbt
vulnerability_id VCID-4xun-1v5s-uqbt
summary An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1433
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45265
published_at 2026-04-24T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45264
published_at 2026-04-01T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45346
published_at 2026-04-02T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45366
published_at 2026-04-09T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45309
published_at 2026-04-07T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.45364
published_at 2026-04-08T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45387
published_at 2026-04-11T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.45356
published_at 2026-04-12T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45357
published_at 2026-04-13T12:55:00Z
9
value 0.00226
scoring_system epss
scoring_elements 0.45409
published_at 2026-04-16T12:55:00Z
10
value 0.00226
scoring_system epss
scoring_elements 0.45404
published_at 2026-04-18T12:55:00Z
11
value 0.00226
scoring_system epss
scoring_elements 0.45354
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1433
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1433
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4xun-1v5s-uqbt
4
url VCID-62y5-e7f4-7kbz
vulnerability_id VCID-62y5-e7f4-7kbz
summary Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1413
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43257
published_at 2026-04-24T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43275
published_at 2026-04-01T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43332
published_at 2026-04-02T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.4336
published_at 2026-04-04T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43299
published_at 2026-04-07T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.43351
published_at 2026-04-08T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.43365
published_at 2026-04-09T12:55:00Z
7
value 0.00209
scoring_system epss
scoring_elements 0.43386
published_at 2026-04-11T12:55:00Z
8
value 0.00209
scoring_system epss
scoring_elements 0.43355
published_at 2026-04-12T12:55:00Z
9
value 0.00209
scoring_system epss
scoring_elements 0.43339
published_at 2026-04-13T12:55:00Z
10
value 0.00209
scoring_system epss
scoring_elements 0.43399
published_at 2026-04-16T12:55:00Z
11
value 0.00209
scoring_system epss
scoring_elements 0.43388
published_at 2026-04-18T12:55:00Z
12
value 0.00209
scoring_system epss
scoring_elements 0.43323
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1413
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1413
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62y5-e7f4-7kbz
5
url VCID-a4kg-mmhm-jqhp
vulnerability_id VCID-a4kg-mmhm-jqhp
summary Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1352
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43268
published_at 2026-04-24T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43289
published_at 2026-04-01T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43346
published_at 2026-04-02T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.43374
published_at 2026-04-04T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43312
published_at 2026-04-07T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.43364
published_at 2026-04-08T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.43379
published_at 2026-04-09T12:55:00Z
7
value 0.00209
scoring_system epss
scoring_elements 0.43399
published_at 2026-04-11T12:55:00Z
8
value 0.00209
scoring_system epss
scoring_elements 0.43367
published_at 2026-04-12T12:55:00Z
9
value 0.00209
scoring_system epss
scoring_elements 0.43352
published_at 2026-04-13T12:55:00Z
10
value 0.00209
scoring_system epss
scoring_elements 0.43411
published_at 2026-04-16T12:55:00Z
11
value 0.00209
scoring_system epss
scoring_elements 0.434
published_at 2026-04-18T12:55:00Z
12
value 0.00209
scoring_system epss
scoring_elements 0.43334
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1352
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1352
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4kg-mmhm-jqhp
6
url VCID-bvmd-gmg3-eue2
vulnerability_id VCID-bvmd-gmg3-eue2
summary An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1426
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42106
published_at 2026-04-24T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42157
published_at 2026-04-01T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42215
published_at 2026-04-02T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.42244
published_at 2026-04-09T12:55:00Z
4
value 0.00201
scoring_system epss
scoring_elements 0.42186
published_at 2026-04-07T12:55:00Z
5
value 0.00201
scoring_system epss
scoring_elements 0.42236
published_at 2026-04-08T12:55:00Z
6
value 0.00201
scoring_system epss
scoring_elements 0.42267
published_at 2026-04-11T12:55:00Z
7
value 0.00201
scoring_system epss
scoring_elements 0.42231
published_at 2026-04-12T12:55:00Z
8
value 0.00201
scoring_system epss
scoring_elements 0.42202
published_at 2026-04-13T12:55:00Z
9
value 0.00201
scoring_system epss
scoring_elements 0.42253
published_at 2026-04-16T12:55:00Z
10
value 0.00201
scoring_system epss
scoring_elements 0.42228
published_at 2026-04-18T12:55:00Z
11
value 0.00201
scoring_system epss
scoring_elements 0.4216
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1426
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1426
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvmd-gmg3-eue2
7
url VCID-hawe-rs16-37bf
vulnerability_id VCID-hawe-rs16-37bf
summary Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1416
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.3571
published_at 2026-04-24T12:55:00Z
1
value 0.00153
scoring_system epss
scoring_elements 0.35894
published_at 2026-04-01T12:55:00Z
2
value 0.00153
scoring_system epss
scoring_elements 0.36085
published_at 2026-04-02T12:55:00Z
3
value 0.00153
scoring_system epss
scoring_elements 0.36115
published_at 2026-04-04T12:55:00Z
4
value 0.00153
scoring_system epss
scoring_elements 0.3595
published_at 2026-04-07T12:55:00Z
5
value 0.00153
scoring_system epss
scoring_elements 0.36
published_at 2026-04-08T12:55:00Z
6
value 0.00153
scoring_system epss
scoring_elements 0.36023
published_at 2026-04-09T12:55:00Z
7
value 0.00153
scoring_system epss
scoring_elements 0.36029
published_at 2026-04-11T12:55:00Z
8
value 0.00153
scoring_system epss
scoring_elements 0.35991
published_at 2026-04-12T12:55:00Z
9
value 0.00153
scoring_system epss
scoring_elements 0.35965
published_at 2026-04-13T12:55:00Z
10
value 0.00153
scoring_system epss
scoring_elements 0.36004
published_at 2026-04-16T12:55:00Z
11
value 0.00153
scoring_system epss
scoring_elements 0.3599
published_at 2026-04-18T12:55:00Z
12
value 0.00153
scoring_system epss
scoring_elements 0.35939
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1416
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1416
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hawe-rs16-37bf
8
url VCID-rc6v-b3x8-87bu
vulnerability_id VCID-rc6v-b3x8-87bu
summary An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1124
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.4777
published_at 2026-04-24T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47719
published_at 2026-04-01T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.47757
published_at 2026-04-02T12:55:00Z
3
value 0.00245
scoring_system epss
scoring_elements 0.47777
published_at 2026-04-12T12:55:00Z
4
value 0.00245
scoring_system epss
scoring_elements 0.47726
published_at 2026-04-07T12:55:00Z
5
value 0.00245
scoring_system epss
scoring_elements 0.4778
published_at 2026-04-08T12:55:00Z
6
value 0.00245
scoring_system epss
scoring_elements 0.47776
published_at 2026-04-09T12:55:00Z
7
value 0.00245
scoring_system epss
scoring_elements 0.47801
published_at 2026-04-11T12:55:00Z
8
value 0.00245
scoring_system epss
scoring_elements 0.47787
published_at 2026-04-21T12:55:00Z
9
value 0.00245
scoring_system epss
scoring_elements 0.47842
published_at 2026-04-16T12:55:00Z
10
value 0.00245
scoring_system epss
scoring_elements 0.47834
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1124
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1124
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rc6v-b3x8-87bu
9
url VCID-svws-7gd2-r3f5
vulnerability_id VCID-svws-7gd2-r3f5
summary An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being enforced.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1428
reference_id
reference_type
scores
0
value 0.00139
scoring_system epss
scoring_elements 0.33662
published_at 2026-04-24T12:55:00Z
1
value 0.00139
scoring_system epss
scoring_elements 0.33811
published_at 2026-04-01T12:55:00Z
2
value 0.00139
scoring_system epss
scoring_elements 0.34149
published_at 2026-04-02T12:55:00Z
3
value 0.00139
scoring_system epss
scoring_elements 0.34181
published_at 2026-04-04T12:55:00Z
4
value 0.00139
scoring_system epss
scoring_elements 0.34041
published_at 2026-04-07T12:55:00Z
5
value 0.00139
scoring_system epss
scoring_elements 0.34084
published_at 2026-04-08T12:55:00Z
6
value 0.00139
scoring_system epss
scoring_elements 0.34115
published_at 2026-04-09T12:55:00Z
7
value 0.00139
scoring_system epss
scoring_elements 0.34113
published_at 2026-04-11T12:55:00Z
8
value 0.00139
scoring_system epss
scoring_elements 0.34071
published_at 2026-04-18T12:55:00Z
9
value 0.00139
scoring_system epss
scoring_elements 0.34047
published_at 2026-04-13T12:55:00Z
10
value 0.00139
scoring_system epss
scoring_elements 0.34083
published_at 2026-04-16T12:55:00Z
11
value 0.00139
scoring_system epss
scoring_elements 0.34035
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1428
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1428
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svws-7gd2-r3f5
10
url VCID-wt3g-99mt-uug6
vulnerability_id VCID-wt3g-99mt-uug6
summary Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1406
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.43935
published_at 2026-04-24T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.43975
published_at 2026-04-01T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44024
published_at 2026-04-02T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44046
published_at 2026-04-04T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.43977
published_at 2026-04-07T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.44028
published_at 2026-04-08T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.4403
published_at 2026-04-09T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.44045
published_at 2026-04-11T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.44013
published_at 2026-04-12T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.43996
published_at 2026-04-13T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44058
published_at 2026-04-16T12:55:00Z
11
value 0.00215
scoring_system epss
scoring_elements 0.44049
published_at 2026-04-18T12:55:00Z
12
value 0.00215
scoring_system epss
scoring_elements 0.43983
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1406
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1406
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wt3g-99mt-uug6
11
url VCID-wvtd-44nu-ckgb
vulnerability_id VCID-wvtd-44nu-ckgb
summary Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1423
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.25973
published_at 2026-04-24T12:55:00Z
1
value 0.00093
scoring_system epss
scoring_elements 0.26174
published_at 2026-04-01T12:55:00Z
2
value 0.00093
scoring_system epss
scoring_elements 0.26255
published_at 2026-04-02T12:55:00Z
3
value 0.00093
scoring_system epss
scoring_elements 0.26296
published_at 2026-04-04T12:55:00Z
4
value 0.00093
scoring_system epss
scoring_elements 0.26066
published_at 2026-04-07T12:55:00Z
5
value 0.00093
scoring_system epss
scoring_elements 0.26133
published_at 2026-04-08T12:55:00Z
6
value 0.00093
scoring_system epss
scoring_elements 0.26181
published_at 2026-04-09T12:55:00Z
7
value 0.00093
scoring_system epss
scoring_elements 0.26189
published_at 2026-04-11T12:55:00Z
8
value 0.00093
scoring_system epss
scoring_elements 0.26143
published_at 2026-04-12T12:55:00Z
9
value 0.00093
scoring_system epss
scoring_elements 0.26085
published_at 2026-04-13T12:55:00Z
10
value 0.00093
scoring_system epss
scoring_elements 0.26091
published_at 2026-04-16T12:55:00Z
11
value 0.00093
scoring_system epss
scoring_elements 0.26069
published_at 2026-04-18T12:55:00Z
12
value 0.00093
scoring_system epss
scoring_elements 0.26034
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1423
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1423
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wvtd-44nu-ckgb
12
url VCID-ykza-d472-n7a4
vulnerability_id VCID-ykza-d472-n7a4
summary An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1510
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.43951
published_at 2026-04-24T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.43991
published_at 2026-04-01T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44039
published_at 2026-04-02T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44062
published_at 2026-04-11T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.43993
published_at 2026-04-07T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.44044
published_at 2026-04-08T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.44046
published_at 2026-04-09T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.44029
published_at 2026-04-12T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.44013
published_at 2026-04-13T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.44075
published_at 2026-04-16T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44065
published_at 2026-04-18T12:55:00Z
11
value 0.00215
scoring_system epss
scoring_elements 0.44
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1510
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.10.2-1
purl pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1
aliases CVE-2022-1510
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykza-d472-n7a4
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1