Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:alpm/archlinux/gitlab@14.5.0-1
Typealpm
Namespacearchlinux
Namegitlab
Version14.5.0-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version14.5.2-1
Latest_non_vulnerable_version15.2.1-1
Affected_by_vulnerabilities
0
url VCID-17gb-vdxv-fqc4
vulnerability_id VCID-17gb-vdxv-fqc4
summary Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39918
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45329
published_at 2026-04-21T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45239
published_at 2026-04-01T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.4532
published_at 2026-04-02T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45342
published_at 2026-04-04T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45285
published_at 2026-04-07T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.4534
published_at 2026-04-09T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45362
published_at 2026-04-11T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.4533
published_at 2026-04-12T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45332
published_at 2026-04-13T12:55:00Z
9
value 0.00226
scoring_system epss
scoring_elements 0.45383
published_at 2026-04-16T12:55:00Z
10
value 0.00226
scoring_system epss
scoring_elements 0.45379
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39918
1
reference_url https://security.archlinux.org/AVG-2604
reference_id AVG-2604
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2604
fixed_packages
aliases CVE-2021-39918
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17gb-vdxv-fqc4
1
url VCID-1f4t-7du8-q3ex
vulnerability_id VCID-1f4t-7du8-q3ex
summary A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39938
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33807
published_at 2026-04-21T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33591
published_at 2026-04-01T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.33923
published_at 2026-04-02T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33954
published_at 2026-04-04T12:55:00Z
4
value 0.00138
scoring_system epss
scoring_elements 0.33808
published_at 2026-04-07T12:55:00Z
5
value 0.00138
scoring_system epss
scoring_elements 0.3385
published_at 2026-04-08T12:55:00Z
6
value 0.00138
scoring_system epss
scoring_elements 0.33882
published_at 2026-04-09T12:55:00Z
7
value 0.00138
scoring_system epss
scoring_elements 0.33881
published_at 2026-04-11T12:55:00Z
8
value 0.00138
scoring_system epss
scoring_elements 0.33839
published_at 2026-04-18T12:55:00Z
9
value 0.00138
scoring_system epss
scoring_elements 0.33814
published_at 2026-04-13T12:55:00Z
10
value 0.00138
scoring_system epss
scoring_elements 0.33853
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39938
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39938
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1f4t-7du8-q3ex
2
url VCID-5t99-3qbr-sfdj
vulnerability_id VCID-5t99-3qbr-sfdj
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39933
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40675
published_at 2026-04-21T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.4068
published_at 2026-04-01T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40764
published_at 2026-04-02T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.40791
published_at 2026-04-11T12:55:00Z
4
value 0.00189
scoring_system epss
scoring_elements 0.40715
published_at 2026-04-07T12:55:00Z
5
value 0.00189
scoring_system epss
scoring_elements 0.40765
published_at 2026-04-08T12:55:00Z
6
value 0.00189
scoring_system epss
scoring_elements 0.40772
published_at 2026-04-09T12:55:00Z
7
value 0.00189
scoring_system epss
scoring_elements 0.40757
published_at 2026-04-12T12:55:00Z
8
value 0.00189
scoring_system epss
scoring_elements 0.40738
published_at 2026-04-13T12:55:00Z
9
value 0.00189
scoring_system epss
scoring_elements 0.40783
published_at 2026-04-16T12:55:00Z
10
value 0.00189
scoring_system epss
scoring_elements 0.40753
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39933
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39933
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5t99-3qbr-sfdj
3
url VCID-6ns1-mx95-5ffe
vulnerability_id VCID-6ns1-mx95-5ffe
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39940
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40675
published_at 2026-04-21T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.4068
published_at 2026-04-01T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40764
published_at 2026-04-02T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.40791
published_at 2026-04-11T12:55:00Z
4
value 0.00189
scoring_system epss
scoring_elements 0.40715
published_at 2026-04-07T12:55:00Z
5
value 0.00189
scoring_system epss
scoring_elements 0.40765
published_at 2026-04-08T12:55:00Z
6
value 0.00189
scoring_system epss
scoring_elements 0.40772
published_at 2026-04-09T12:55:00Z
7
value 0.00189
scoring_system epss
scoring_elements 0.40757
published_at 2026-04-12T12:55:00Z
8
value 0.00189
scoring_system epss
scoring_elements 0.40738
published_at 2026-04-13T12:55:00Z
9
value 0.00189
scoring_system epss
scoring_elements 0.40783
published_at 2026-04-16T12:55:00Z
10
value 0.00189
scoring_system epss
scoring_elements 0.40753
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39940
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39940
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ns1-mx95-5ffe
4
url VCID-71j9-ra1c-6uhm
vulnerability_id VCID-71j9-ra1c-6uhm
summary Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39934
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48112
published_at 2026-04-21T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-01T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48081
published_at 2026-04-02T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48102
published_at 2026-04-04T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48052
published_at 2026-04-07T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48105
published_at 2026-04-08T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.481
published_at 2026-04-09T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48123
published_at 2026-04-11T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48099
published_at 2026-04-12T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.4811
published_at 2026-04-13T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48163
published_at 2026-04-16T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.48158
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39934
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39934
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71j9-ra1c-6uhm
5
url VCID-989x-8yn6-eqc8
vulnerability_id VCID-989x-8yn6-eqc8
summary A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39937
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35609
published_at 2026-04-21T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35511
published_at 2026-04-01T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35713
published_at 2026-04-02T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35738
published_at 2026-04-04T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35619
published_at 2026-04-07T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.35665
published_at 2026-04-08T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35688
published_at 2026-04-09T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35698
published_at 2026-04-11T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35653
published_at 2026-04-12T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35631
published_at 2026-04-13T12:55:00Z
10
value 0.00151
scoring_system epss
scoring_elements 0.3567
published_at 2026-04-16T12:55:00Z
11
value 0.00151
scoring_system epss
scoring_elements 0.35661
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39937
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39937
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-989x-8yn6-eqc8
6
url VCID-99uy-2jrp-u7cx
vulnerability_id VCID-99uy-2jrp-u7cx
summary Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39936
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.56917
published_at 2026-04-21T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.56802
published_at 2026-04-01T12:55:00Z
2
value 0.00342
scoring_system epss
scoring_elements 0.56896
published_at 2026-04-02T12:55:00Z
3
value 0.00342
scoring_system epss
scoring_elements 0.56918
published_at 2026-04-04T12:55:00Z
4
value 0.00342
scoring_system epss
scoring_elements 0.56894
published_at 2026-04-07T12:55:00Z
5
value 0.00342
scoring_system epss
scoring_elements 0.56946
published_at 2026-04-08T12:55:00Z
6
value 0.00342
scoring_system epss
scoring_elements 0.56949
published_at 2026-04-09T12:55:00Z
7
value 0.00342
scoring_system epss
scoring_elements 0.56957
published_at 2026-04-11T12:55:00Z
8
value 0.00342
scoring_system epss
scoring_elements 0.56937
published_at 2026-04-12T12:55:00Z
9
value 0.00342
scoring_system epss
scoring_elements 0.56914
published_at 2026-04-13T12:55:00Z
10
value 0.00342
scoring_system epss
scoring_elements 0.56943
published_at 2026-04-16T12:55:00Z
11
value 0.00342
scoring_system epss
scoring_elements 0.5694
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39936
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39936
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99uy-2jrp-u7cx
7
url VCID-9mm8-knzf-a3gb
vulnerability_id VCID-9mm8-knzf-a3gb
summary Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39945
reference_id
reference_type
scores
0
value 0.00244
scoring_system epss
scoring_elements 0.47698
published_at 2026-04-21T12:55:00Z
1
value 0.00244
scoring_system epss
scoring_elements 0.47628
published_at 2026-04-01T12:55:00Z
2
value 0.00244
scoring_system epss
scoring_elements 0.47666
published_at 2026-04-02T12:55:00Z
3
value 0.00244
scoring_system epss
scoring_elements 0.47687
published_at 2026-04-09T12:55:00Z
4
value 0.00244
scoring_system epss
scoring_elements 0.47636
published_at 2026-04-07T12:55:00Z
5
value 0.00244
scoring_system epss
scoring_elements 0.47691
published_at 2026-04-08T12:55:00Z
6
value 0.00244
scoring_system epss
scoring_elements 0.47711
published_at 2026-04-11T12:55:00Z
7
value 0.00244
scoring_system epss
scoring_elements 0.47688
published_at 2026-04-12T12:55:00Z
8
value 0.00244
scoring_system epss
scoring_elements 0.47697
published_at 2026-04-13T12:55:00Z
9
value 0.00244
scoring_system epss
scoring_elements 0.47753
published_at 2026-04-16T12:55:00Z
10
value 0.00244
scoring_system epss
scoring_elements 0.47746
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39945
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39945
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mm8-knzf-a3gb
8
url VCID-9wuq-32s1-nydy
vulnerability_id VCID-9wuq-32s1-nydy
summary Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39915
reference_id
reference_type
scores
0
value 0.00269
scoring_system epss
scoring_elements 0.50449
published_at 2026-04-21T12:55:00Z
1
value 0.00269
scoring_system epss
scoring_elements 0.50338
published_at 2026-04-01T12:55:00Z
2
value 0.00269
scoring_system epss
scoring_elements 0.50393
published_at 2026-04-02T12:55:00Z
3
value 0.00269
scoring_system epss
scoring_elements 0.50423
published_at 2026-04-04T12:55:00Z
4
value 0.00269
scoring_system epss
scoring_elements 0.50375
published_at 2026-04-07T12:55:00Z
5
value 0.00269
scoring_system epss
scoring_elements 0.50429
published_at 2026-04-08T12:55:00Z
6
value 0.00269
scoring_system epss
scoring_elements 0.50422
published_at 2026-04-09T12:55:00Z
7
value 0.00269
scoring_system epss
scoring_elements 0.50463
published_at 2026-04-11T12:55:00Z
8
value 0.00269
scoring_system epss
scoring_elements 0.5044
published_at 2026-04-12T12:55:00Z
9
value 0.00269
scoring_system epss
scoring_elements 0.50425
published_at 2026-04-13T12:55:00Z
10
value 0.00269
scoring_system epss
scoring_elements 0.50468
published_at 2026-04-16T12:55:00Z
11
value 0.00269
scoring_system epss
scoring_elements 0.50472
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39915
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39915
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wuq-32s1-nydy
9
url VCID-buuk-gsy3-w7bp
vulnerability_id VCID-buuk-gsy3-w7bp
summary In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39919
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.208
published_at 2026-04-21T12:55:00Z
1
value 0.00068
scoring_system epss
scoring_elements 0.20853
published_at 2026-04-08T12:55:00Z
2
value 0.00068
scoring_system epss
scoring_elements 0.21004
published_at 2026-04-02T12:55:00Z
3
value 0.00068
scoring_system epss
scoring_elements 0.2106
published_at 2026-04-04T12:55:00Z
4
value 0.00068
scoring_system epss
scoring_elements 0.20774
published_at 2026-04-07T12:55:00Z
5
value 0.00068
scoring_system epss
scoring_elements 0.20915
published_at 2026-04-09T12:55:00Z
6
value 0.00068
scoring_system epss
scoring_elements 0.20931
published_at 2026-04-11T12:55:00Z
7
value 0.00068
scoring_system epss
scoring_elements 0.20887
published_at 2026-04-12T12:55:00Z
8
value 0.00068
scoring_system epss
scoring_elements 0.20836
published_at 2026-04-13T12:55:00Z
9
value 0.00068
scoring_system epss
scoring_elements 0.20826
published_at 2026-04-16T12:55:00Z
10
value 0.00068
scoring_system epss
scoring_elements 0.20818
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39919
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39919
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-buuk-gsy3-w7bp
10
url VCID-gvwq-zqmf-ruak
vulnerability_id VCID-gvwq-zqmf-ruak
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39910
reference_id
reference_type
scores
0
value 0.0018
scoring_system epss
scoring_elements 0.39523
published_at 2026-04-21T12:55:00Z
1
value 0.0018
scoring_system epss
scoring_elements 0.3947
published_at 2026-04-01T12:55:00Z
2
value 0.0018
scoring_system epss
scoring_elements 0.3962
published_at 2026-04-02T12:55:00Z
3
value 0.0018
scoring_system epss
scoring_elements 0.39642
published_at 2026-04-04T12:55:00Z
4
value 0.0018
scoring_system epss
scoring_elements 0.39559
published_at 2026-04-07T12:55:00Z
5
value 0.0018
scoring_system epss
scoring_elements 0.39613
published_at 2026-04-08T12:55:00Z
6
value 0.0018
scoring_system epss
scoring_elements 0.39628
published_at 2026-04-09T12:55:00Z
7
value 0.0018
scoring_system epss
scoring_elements 0.39638
published_at 2026-04-11T12:55:00Z
8
value 0.0018
scoring_system epss
scoring_elements 0.39601
published_at 2026-04-12T12:55:00Z
9
value 0.0018
scoring_system epss
scoring_elements 0.39585
published_at 2026-04-13T12:55:00Z
10
value 0.0018
scoring_system epss
scoring_elements 0.39636
published_at 2026-04-16T12:55:00Z
11
value 0.0018
scoring_system epss
scoring_elements 0.39606
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39910
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39910
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvwq-zqmf-ruak
11
url VCID-h8td-pdxx-y7en
vulnerability_id VCID-h8td-pdxx-y7en
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39917
reference_id
reference_type
scores
0
value 0.00386
scoring_system epss
scoring_elements 0.59832
published_at 2026-04-21T12:55:00Z
1
value 0.00386
scoring_system epss
scoring_elements 0.59687
published_at 2026-04-01T12:55:00Z
2
value 0.00386
scoring_system epss
scoring_elements 0.5976
published_at 2026-04-02T12:55:00Z
3
value 0.00386
scoring_system epss
scoring_elements 0.59784
published_at 2026-04-04T12:55:00Z
4
value 0.00386
scoring_system epss
scoring_elements 0.59753
published_at 2026-04-07T12:55:00Z
5
value 0.00386
scoring_system epss
scoring_elements 0.59805
published_at 2026-04-08T12:55:00Z
6
value 0.00386
scoring_system epss
scoring_elements 0.59818
published_at 2026-04-09T12:55:00Z
7
value 0.00386
scoring_system epss
scoring_elements 0.59838
published_at 2026-04-11T12:55:00Z
8
value 0.00386
scoring_system epss
scoring_elements 0.59822
published_at 2026-04-12T12:55:00Z
9
value 0.00386
scoring_system epss
scoring_elements 0.59804
published_at 2026-04-13T12:55:00Z
10
value 0.00386
scoring_system epss
scoring_elements 0.59841
published_at 2026-04-16T12:55:00Z
11
value 0.00386
scoring_system epss
scoring_elements 0.59848
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39917
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39917
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8td-pdxx-y7en
12
url VCID-j8nr-cgq2-ubf9
vulnerability_id VCID-j8nr-cgq2-ubf9
summary Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39930
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.47834
published_at 2026-04-18T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47719
published_at 2026-04-01T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.47757
published_at 2026-04-02T12:55:00Z
3
value 0.00245
scoring_system epss
scoring_elements 0.47777
published_at 2026-04-12T12:55:00Z
4
value 0.00245
scoring_system epss
scoring_elements 0.47726
published_at 2026-04-07T12:55:00Z
5
value 0.00245
scoring_system epss
scoring_elements 0.4778
published_at 2026-04-08T12:55:00Z
6
value 0.00245
scoring_system epss
scoring_elements 0.47776
published_at 2026-04-09T12:55:00Z
7
value 0.00245
scoring_system epss
scoring_elements 0.47801
published_at 2026-04-11T12:55:00Z
8
value 0.00245
scoring_system epss
scoring_elements 0.47787
published_at 2026-04-21T12:55:00Z
9
value 0.00245
scoring_system epss
scoring_elements 0.47842
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39930
1
reference_url https://security.archlinux.org/AVG-2604
reference_id AVG-2604
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2604
fixed_packages
aliases CVE-2021-39930
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8nr-cgq2-ubf9
13
url VCID-m6c7-dfbf-r7gr
vulnerability_id VCID-m6c7-dfbf-r7gr
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39931
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48608
published_at 2026-04-21T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48538
published_at 2026-04-01T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.48574
published_at 2026-04-02T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.48597
published_at 2026-04-04T12:55:00Z
4
value 0.00253
scoring_system epss
scoring_elements 0.48549
published_at 2026-04-07T12:55:00Z
5
value 0.00253
scoring_system epss
scoring_elements 0.48603
published_at 2026-04-08T12:55:00Z
6
value 0.00253
scoring_system epss
scoring_elements 0.48599
published_at 2026-04-09T12:55:00Z
7
value 0.00253
scoring_system epss
scoring_elements 0.4862
published_at 2026-04-11T12:55:00Z
8
value 0.00253
scoring_system epss
scoring_elements 0.48593
published_at 2026-04-12T12:55:00Z
9
value 0.00253
scoring_system epss
scoring_elements 0.48606
published_at 2026-04-13T12:55:00Z
10
value 0.00253
scoring_system epss
scoring_elements 0.48656
published_at 2026-04-16T12:55:00Z
11
value 0.00253
scoring_system epss
scoring_elements 0.48651
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39931
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39931
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6c7-dfbf-r7gr
14
url VCID-n2jn-c1k6-67b9
vulnerability_id VCID-n2jn-c1k6-67b9
summary Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39916
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51549
published_at 2026-04-21T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51418
published_at 2026-04-01T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51469
published_at 2026-04-02T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51497
published_at 2026-04-04T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51456
published_at 2026-04-07T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.5151
published_at 2026-04-08T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51508
published_at 2026-04-09T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51551
published_at 2026-04-11T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.5153
published_at 2026-04-12T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51518
published_at 2026-04-13T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51561
published_at 2026-04-16T12:55:00Z
11
value 0.00281
scoring_system epss
scoring_elements 0.5157
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39916
1
reference_url https://security.archlinux.org/AVG-2604
reference_id AVG-2604
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2604
fixed_packages
aliases CVE-2021-39916
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2jn-c1k6-67b9
15
url VCID-t8nq-hx26-kfc7
vulnerability_id VCID-t8nq-hx26-kfc7
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39935
reference_id
reference_type
scores
0
value 0.41434
scoring_system epss
scoring_elements 0.97378
published_at 2026-04-01T12:55:00Z
1
value 0.41434
scoring_system epss
scoring_elements 0.97391
published_at 2026-04-07T12:55:00Z
2
value 0.41434
scoring_system epss
scoring_elements 0.97397
published_at 2026-04-08T12:55:00Z
3
value 0.41434
scoring_system epss
scoring_elements 0.97398
published_at 2026-04-09T12:55:00Z
4
value 0.41434
scoring_system epss
scoring_elements 0.974
published_at 2026-04-11T12:55:00Z
5
value 0.41434
scoring_system epss
scoring_elements 0.97401
published_at 2026-04-12T12:55:00Z
6
value 0.41434
scoring_system epss
scoring_elements 0.97402
published_at 2026-04-13T12:55:00Z
7
value 0.41434
scoring_system epss
scoring_elements 0.9741
published_at 2026-04-16T12:55:00Z
8
value 0.41434
scoring_system epss
scoring_elements 0.97413
published_at 2026-04-18T12:55:00Z
9
value 0.41434
scoring_system epss
scoring_elements 0.97384
published_at 2026-04-02T12:55:00Z
10
value 0.41434
scoring_system epss
scoring_elements 0.97389
published_at 2026-04-04T12:55:00Z
11
value 0.58412
scoring_system epss
scoring_elements 0.98206
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39935
1
reference_url https://hackerone.com/reports/1236965
reference_id 1236965
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:23:46Z/
url https://hackerone.com/reports/1236965
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/346187
reference_id 346187
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:23:46Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/346187
3
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
4
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
5
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json
reference_id CVE-2021-39935.json
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:23:46Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39935
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8nq-hx26-kfc7
16
url VCID-uzq6-eukx-8yhv
vulnerability_id VCID-uzq6-eukx-8yhv
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39944
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.39045
published_at 2026-04-21T12:55:00Z
1
value 0.00176
scoring_system epss
scoring_elements 0.38955
published_at 2026-04-01T12:55:00Z
2
value 0.00176
scoring_system epss
scoring_elements 0.39141
published_at 2026-04-02T12:55:00Z
3
value 0.00176
scoring_system epss
scoring_elements 0.39163
published_at 2026-04-04T12:55:00Z
4
value 0.00176
scoring_system epss
scoring_elements 0.39082
published_at 2026-04-07T12:55:00Z
5
value 0.00176
scoring_system epss
scoring_elements 0.39137
published_at 2026-04-08T12:55:00Z
6
value 0.00176
scoring_system epss
scoring_elements 0.39153
published_at 2026-04-09T12:55:00Z
7
value 0.00176
scoring_system epss
scoring_elements 0.39165
published_at 2026-04-11T12:55:00Z
8
value 0.00176
scoring_system epss
scoring_elements 0.39128
published_at 2026-04-12T12:55:00Z
9
value 0.00176
scoring_system epss
scoring_elements 0.39109
published_at 2026-04-13T12:55:00Z
10
value 0.00176
scoring_system epss
scoring_elements 0.39164
published_at 2026-04-16T12:55:00Z
11
value 0.00176
scoring_system epss
scoring_elements 0.39133
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39944
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39944
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzq6-eukx-8yhv
17
url VCID-vfvr-mjgk-4qce
vulnerability_id VCID-vfvr-mjgk-4qce
summary An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39941
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52655
published_at 2026-04-21T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52522
published_at 2026-04-01T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52568
published_at 2026-04-02T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52594
published_at 2026-04-04T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52561
published_at 2026-04-07T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52613
published_at 2026-04-08T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52607
published_at 2026-04-09T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52658
published_at 2026-04-11T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52641
published_at 2026-04-12T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52625
published_at 2026-04-13T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52663
published_at 2026-04-16T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.5267
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39941
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39941
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfvr-mjgk-4qce
18
url VCID-w1jg-8rdt-3ufv
vulnerability_id VCID-w1jg-8rdt-3ufv
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39932
reference_id
reference_type
scores
0
value 0.00222
scoring_system epss
scoring_elements 0.44776
published_at 2026-04-21T12:55:00Z
1
value 0.00222
scoring_system epss
scoring_elements 0.44711
published_at 2026-04-01T12:55:00Z
2
value 0.00222
scoring_system epss
scoring_elements 0.44791
published_at 2026-04-02T12:55:00Z
3
value 0.00222
scoring_system epss
scoring_elements 0.44812
published_at 2026-04-04T12:55:00Z
4
value 0.00222
scoring_system epss
scoring_elements 0.44752
published_at 2026-04-07T12:55:00Z
5
value 0.00222
scoring_system epss
scoring_elements 0.44805
published_at 2026-04-08T12:55:00Z
6
value 0.00222
scoring_system epss
scoring_elements 0.44807
published_at 2026-04-09T12:55:00Z
7
value 0.00222
scoring_system epss
scoring_elements 0.44824
published_at 2026-04-11T12:55:00Z
8
value 0.00222
scoring_system epss
scoring_elements 0.44793
published_at 2026-04-12T12:55:00Z
9
value 0.00222
scoring_system epss
scoring_elements 0.44794
published_at 2026-04-13T12:55:00Z
10
value 0.00222
scoring_system epss
scoring_elements 0.44848
published_at 2026-04-16T12:55:00Z
11
value 0.00222
scoring_system epss
scoring_elements 0.44841
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39932
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.2-1
purl pkg:alpm/archlinux/gitlab@14.5.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.2-1
aliases CVE-2021-39932
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w1jg-8rdt-3ufv
Fixing_vulnerabilities
0
url VCID-1bxs-yghe-cyck
vulnerability_id VCID-1bxs-yghe-cyck
summary 
URL Redirection to Untrusted Site ('Open Redirect')
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22942
reference_id
reference_type
scores
0
value 0.00533
scoring_system epss
scoring_elements 0.67413
published_at 2026-04-16T12:55:00Z
1
value 0.00533
scoring_system epss
scoring_elements 0.67378
published_at 2026-04-13T12:55:00Z
2
value 0.00533
scoring_system epss
scoring_elements 0.67412
published_at 2026-04-12T12:55:00Z
3
value 0.00533
scoring_system epss
scoring_elements 0.67424
published_at 2026-04-11T12:55:00Z
4
value 0.00533
scoring_system epss
scoring_elements 0.67403
published_at 2026-04-09T12:55:00Z
5
value 0.00533
scoring_system epss
scoring_elements 0.6739
published_at 2026-04-08T12:55:00Z
6
value 0.00533
scoring_system epss
scoring_elements 0.67361
published_at 2026-04-04T12:55:00Z
7
value 0.00533
scoring_system epss
scoring_elements 0.67339
published_at 2026-04-07T12:55:00Z
8
value 0.00533
scoring_system epss
scoring_elements 0.67302
published_at 2026-04-01T12:55:00Z
9
value 0.00533
scoring_system epss
scoring_elements 0.67402
published_at 2026-04-21T12:55:00Z
10
value 0.00533
scoring_system epss
scoring_elements 0.67425
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22942
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
13
reference_url https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c
14
reference_url https://rubygems.org/gems/actionpack
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/actionpack
15
reference_url https://security.netapp.com/advisory/ntap-20240202-0005
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240202-0005
16
reference_url https://security.netapp.com/advisory/ntap-20240202-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240202-0005/
17
reference_url https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released
18
reference_url https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/
reference_id
reference_type
scores
url https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/
19
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5372
20
reference_url http://www.openwall.com/lists/oss-security/2021/12/14/5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/12/14/5
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1995940
reference_id 1995940
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1995940
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586
reference_id 992586
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586
23
reference_url https://security.archlinux.org/AVG-2492
reference_id AVG-2492
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2492
24
reference_url https://security.archlinux.org/AVG-2493
reference_id AVG-2493
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2493
25
reference_url https://access.redhat.com/security/cve/cve-2021-22942
reference_id CVE-2021-22942
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2021-22942
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22942
reference_id CVE-2021-22942
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22942
27
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml
reference_id CVE-2021-22942.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml
28
reference_url https://github.com/advisories/GHSA-2rqw-v265-jf8c
reference_id GHSA-2rqw-v265-jf8c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rqw-v265-jf8c
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-22942, GHSA-2rqw-v265-jf8c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxs-yghe-cyck
1
url VCID-2uqd-mtms-fqaw
vulnerability_id VCID-2uqd-mtms-fqaw
summary In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39903
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48802
published_at 2026-04-21T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48729
published_at 2026-04-01T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.48768
published_at 2026-04-02T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.48794
published_at 2026-04-04T12:55:00Z
4
value 0.00254
scoring_system epss
scoring_elements 0.48748
published_at 2026-04-07T12:55:00Z
5
value 0.00254
scoring_system epss
scoring_elements 0.48803
published_at 2026-04-08T12:55:00Z
6
value 0.00254
scoring_system epss
scoring_elements 0.488
published_at 2026-04-09T12:55:00Z
7
value 0.00254
scoring_system epss
scoring_elements 0.48817
published_at 2026-04-11T12:55:00Z
8
value 0.00254
scoring_system epss
scoring_elements 0.48791
published_at 2026-04-12T12:55:00Z
9
value 0.00254
scoring_system epss
scoring_elements 0.48798
published_at 2026-04-13T12:55:00Z
10
value 0.00254
scoring_system epss
scoring_elements 0.48847
published_at 2026-04-16T12:55:00Z
11
value 0.00254
scoring_system epss
scoring_elements 0.48843
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39903
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39903
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2uqd-mtms-fqaw
2
url VCID-54ws-nrwe-wucv
vulnerability_id VCID-54ws-nrwe-wucv
summary In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39898
reference_id
reference_type
scores
0
value 0.00301
scoring_system epss
scoring_elements 0.5341
published_at 2026-04-21T12:55:00Z
1
value 0.00301
scoring_system epss
scoring_elements 0.53302
published_at 2026-04-01T12:55:00Z
2
value 0.00301
scoring_system epss
scoring_elements 0.53325
published_at 2026-04-02T12:55:00Z
3
value 0.00301
scoring_system epss
scoring_elements 0.53351
published_at 2026-04-04T12:55:00Z
4
value 0.00301
scoring_system epss
scoring_elements 0.53321
published_at 2026-04-07T12:55:00Z
5
value 0.00301
scoring_system epss
scoring_elements 0.53373
published_at 2026-04-08T12:55:00Z
6
value 0.00301
scoring_system epss
scoring_elements 0.53367
published_at 2026-04-09T12:55:00Z
7
value 0.00301
scoring_system epss
scoring_elements 0.53419
published_at 2026-04-11T12:55:00Z
8
value 0.00301
scoring_system epss
scoring_elements 0.53403
published_at 2026-04-12T12:55:00Z
9
value 0.00301
scoring_system epss
scoring_elements 0.53387
published_at 2026-04-13T12:55:00Z
10
value 0.00301
scoring_system epss
scoring_elements 0.53424
published_at 2026-04-16T12:55:00Z
11
value 0.00301
scoring_system epss
scoring_elements 0.5343
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39898
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39898
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54ws-nrwe-wucv
3
url VCID-6uvg-uqe6-tud1
vulnerability_id VCID-6uvg-uqe6-tud1
summary A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39907
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48113
published_at 2026-04-21T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-01T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48082
published_at 2026-04-02T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48103
published_at 2026-04-04T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48053
published_at 2026-04-07T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48106
published_at 2026-04-08T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.48101
published_at 2026-04-09T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48124
published_at 2026-04-11T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48099
published_at 2026-04-12T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48111
published_at 2026-04-13T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48163
published_at 2026-04-16T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.48158
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39907
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39907
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6uvg-uqe6-tud1
4
url VCID-dana-dyhj-4yec
vulnerability_id VCID-dana-dyhj-4yec
summary In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39895
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51513
published_at 2026-04-21T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51385
published_at 2026-04-01T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51436
published_at 2026-04-02T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51463
published_at 2026-04-04T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51423
published_at 2026-04-07T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.51476
published_at 2026-04-08T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51474
published_at 2026-04-09T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51518
published_at 2026-04-11T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.51497
published_at 2026-04-12T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51484
published_at 2026-04-13T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51526
published_at 2026-04-16T12:55:00Z
11
value 0.00281
scoring_system epss
scoring_elements 0.51535
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39895
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39895
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dana-dyhj-4yec
5
url VCID-de8b-d4wk-y3g2
vulnerability_id VCID-de8b-d4wk-y3g2
summary Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39909
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15021
published_at 2026-04-21T12:55:00Z
1
value 0.00049
scoring_system epss
scoring_elements 0.15144
published_at 2026-04-01T12:55:00Z
2
value 0.00049
scoring_system epss
scoring_elements 0.15184
published_at 2026-04-02T12:55:00Z
3
value 0.00049
scoring_system epss
scoring_elements 0.15251
published_at 2026-04-04T12:55:00Z
4
value 0.00049
scoring_system epss
scoring_elements 0.15055
published_at 2026-04-07T12:55:00Z
5
value 0.00049
scoring_system epss
scoring_elements 0.15143
published_at 2026-04-08T12:55:00Z
6
value 0.00049
scoring_system epss
scoring_elements 0.15194
published_at 2026-04-09T12:55:00Z
7
value 0.00049
scoring_system epss
scoring_elements 0.15164
published_at 2026-04-11T12:55:00Z
8
value 0.00049
scoring_system epss
scoring_elements 0.15126
published_at 2026-04-12T12:55:00Z
9
value 0.00049
scoring_system epss
scoring_elements 0.15061
published_at 2026-04-13T12:55:00Z
10
value 0.00049
scoring_system epss
scoring_elements 0.14961
published_at 2026-04-16T12:55:00Z
11
value 0.00049
scoring_system epss
scoring_elements 0.1497
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39909
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39909
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de8b-d4wk-y3g2
6
url VCID-f663-qdnt-4fhz
vulnerability_id VCID-f663-qdnt-4fhz
summary Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39902
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45329
published_at 2026-04-21T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45239
published_at 2026-04-01T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.4532
published_at 2026-04-02T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45342
published_at 2026-04-04T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45285
published_at 2026-04-07T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.4534
published_at 2026-04-09T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45362
published_at 2026-04-11T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.4533
published_at 2026-04-12T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45332
published_at 2026-04-13T12:55:00Z
9
value 0.00226
scoring_system epss
scoring_elements 0.45383
published_at 2026-04-16T12:55:00Z
10
value 0.00226
scoring_system epss
scoring_elements 0.45379
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39902
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39902
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f663-qdnt-4fhz
7
url VCID-j6gp-wgz9-17h6
vulnerability_id VCID-j6gp-wgz9-17h6
summary Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39906
reference_id
reference_type
scores
0
value 0.01183
scoring_system epss
scoring_elements 0.78793
published_at 2026-04-21T12:55:00Z
1
value 0.01183
scoring_system epss
scoring_elements 0.7872
published_at 2026-04-01T12:55:00Z
2
value 0.01183
scoring_system epss
scoring_elements 0.78728
published_at 2026-04-02T12:55:00Z
3
value 0.01183
scoring_system epss
scoring_elements 0.78759
published_at 2026-04-04T12:55:00Z
4
value 0.01183
scoring_system epss
scoring_elements 0.78741
published_at 2026-04-07T12:55:00Z
5
value 0.01183
scoring_system epss
scoring_elements 0.78767
published_at 2026-04-08T12:55:00Z
6
value 0.01183
scoring_system epss
scoring_elements 0.78774
published_at 2026-04-09T12:55:00Z
7
value 0.01183
scoring_system epss
scoring_elements 0.78797
published_at 2026-04-11T12:55:00Z
8
value 0.01183
scoring_system epss
scoring_elements 0.7878
published_at 2026-04-12T12:55:00Z
9
value 0.01183
scoring_system epss
scoring_elements 0.78771
published_at 2026-04-13T12:55:00Z
10
value 0.01183
scoring_system epss
scoring_elements 0.788
published_at 2026-04-16T12:55:00Z
11
value 0.01183
scoring_system epss
scoring_elements 0.78798
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39906
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39906
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6gp-wgz9-17h6
8
url VCID-r36y-zth9-2bbv
vulnerability_id VCID-r36y-zth9-2bbv
summary An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39911
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44509
published_at 2026-04-21T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.44459
published_at 2026-04-01T12:55:00Z
2
value 0.00219
scoring_system epss
scoring_elements 0.44528
published_at 2026-04-02T12:55:00Z
3
value 0.00219
scoring_system epss
scoring_elements 0.4455
published_at 2026-04-04T12:55:00Z
4
value 0.00219
scoring_system epss
scoring_elements 0.44488
published_at 2026-04-07T12:55:00Z
5
value 0.00219
scoring_system epss
scoring_elements 0.44539
published_at 2026-04-08T12:55:00Z
6
value 0.00219
scoring_system epss
scoring_elements 0.44544
published_at 2026-04-09T12:55:00Z
7
value 0.00219
scoring_system epss
scoring_elements 0.4456
published_at 2026-04-11T12:55:00Z
8
value 0.00219
scoring_system epss
scoring_elements 0.4453
published_at 2026-04-12T12:55:00Z
9
value 0.00219
scoring_system epss
scoring_elements 0.44532
published_at 2026-04-13T12:55:00Z
10
value 0.00219
scoring_system epss
scoring_elements 0.44587
published_at 2026-04-16T12:55:00Z
11
value 0.00219
scoring_system epss
scoring_elements 0.44579
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39911
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39911
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r36y-zth9-2bbv
9
url VCID-sxfm-yjar-r3gy
vulnerability_id VCID-sxfm-yjar-r3gy
summary A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39912
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48113
published_at 2026-04-21T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-01T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48082
published_at 2026-04-02T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48103
published_at 2026-04-04T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48053
published_at 2026-04-07T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48106
published_at 2026-04-08T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.48101
published_at 2026-04-09T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48124
published_at 2026-04-11T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48099
published_at 2026-04-12T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48111
published_at 2026-04-13T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48163
published_at 2026-04-16T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.48158
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39912
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39912
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sxfm-yjar-r3gy
10
url VCID-ubka-br7q-dyax
vulnerability_id VCID-ubka-br7q-dyax
summary An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39905
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.5335
published_at 2026-04-21T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53244
published_at 2026-04-01T12:55:00Z
2
value 0.003
scoring_system epss
scoring_elements 0.53267
published_at 2026-04-02T12:55:00Z
3
value 0.003
scoring_system epss
scoring_elements 0.53293
published_at 2026-04-04T12:55:00Z
4
value 0.003
scoring_system epss
scoring_elements 0.53262
published_at 2026-04-07T12:55:00Z
5
value 0.003
scoring_system epss
scoring_elements 0.53314
published_at 2026-04-08T12:55:00Z
6
value 0.003
scoring_system epss
scoring_elements 0.53309
published_at 2026-04-09T12:55:00Z
7
value 0.003
scoring_system epss
scoring_elements 0.53359
published_at 2026-04-11T12:55:00Z
8
value 0.003
scoring_system epss
scoring_elements 0.53344
published_at 2026-04-12T12:55:00Z
9
value 0.003
scoring_system epss
scoring_elements 0.53327
published_at 2026-04-13T12:55:00Z
10
value 0.003
scoring_system epss
scoring_elements 0.53365
published_at 2026-04-16T12:55:00Z
11
value 0.003
scoring_system epss
scoring_elements 0.5337
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39905
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39905
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ubka-br7q-dyax
11
url VCID-utt5-yq43-tydb
vulnerability_id VCID-utt5-yq43-tydb
summary Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39897
reference_id
reference_type
scores
0
value 0.00289
scoring_system epss
scoring_elements 0.52387
published_at 2026-04-21T12:55:00Z
1
value 0.00289
scoring_system epss
scoring_elements 0.52257
published_at 2026-04-01T12:55:00Z
2
value 0.00289
scoring_system epss
scoring_elements 0.523
published_at 2026-04-02T12:55:00Z
3
value 0.00289
scoring_system epss
scoring_elements 0.52328
published_at 2026-04-04T12:55:00Z
4
value 0.00289
scoring_system epss
scoring_elements 0.5229
published_at 2026-04-07T12:55:00Z
5
value 0.00289
scoring_system epss
scoring_elements 0.52343
published_at 2026-04-08T12:55:00Z
6
value 0.00289
scoring_system epss
scoring_elements 0.52338
published_at 2026-04-09T12:55:00Z
7
value 0.00289
scoring_system epss
scoring_elements 0.52388
published_at 2026-04-11T12:55:00Z
8
value 0.00289
scoring_system epss
scoring_elements 0.52373
published_at 2026-04-12T12:55:00Z
9
value 0.00289
scoring_system epss
scoring_elements 0.52359
published_at 2026-04-13T12:55:00Z
10
value 0.00289
scoring_system epss
scoring_elements 0.52397
published_at 2026-04-16T12:55:00Z
11
value 0.00289
scoring_system epss
scoring_elements 0.52403
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39897
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39897
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utt5-yq43-tydb
12
url VCID-vqxg-nt2j-skcd
vulnerability_id VCID-vqxg-nt2j-skcd
summary Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39913
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18877
published_at 2026-04-21T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18953
published_at 2026-04-01T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.1909
published_at 2026-04-02T12:55:00Z
3
value 0.0006
scoring_system epss
scoring_elements 0.19141
published_at 2026-04-04T12:55:00Z
4
value 0.0006
scoring_system epss
scoring_elements 0.18858
published_at 2026-04-07T12:55:00Z
5
value 0.0006
scoring_system epss
scoring_elements 0.18937
published_at 2026-04-08T12:55:00Z
6
value 0.0006
scoring_system epss
scoring_elements 0.1899
published_at 2026-04-09T12:55:00Z
7
value 0.0006
scoring_system epss
scoring_elements 0.18997
published_at 2026-04-11T12:55:00Z
8
value 0.0006
scoring_system epss
scoring_elements 0.1895
published_at 2026-04-12T12:55:00Z
9
value 0.0006
scoring_system epss
scoring_elements 0.18899
published_at 2026-04-13T12:55:00Z
10
value 0.0006
scoring_system epss
scoring_elements 0.18854
published_at 2026-04-16T12:55:00Z
11
value 0.0006
scoring_system epss
scoring_elements 0.18866
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39913
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39913
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqxg-nt2j-skcd
13
url VCID-w5ry-7u68-vbhz
vulnerability_id VCID-w5ry-7u68-vbhz
summary In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39901
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52648
published_at 2026-04-21T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52514
published_at 2026-04-01T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52559
published_at 2026-04-02T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52586
published_at 2026-04-04T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52553
published_at 2026-04-07T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52605
published_at 2026-04-08T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52599
published_at 2026-04-09T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52649
published_at 2026-04-11T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52632
published_at 2026-04-12T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52618
published_at 2026-04-13T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52656
published_at 2026-04-16T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.52663
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39901
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39901
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5ry-7u68-vbhz
14
url VCID-xm82-tdpb-buf6
vulnerability_id VCID-xm82-tdpb-buf6
summary A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39914
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.39072
published_at 2026-04-21T12:55:00Z
1
value 0.00176
scoring_system epss
scoring_elements 0.38982
published_at 2026-04-01T12:55:00Z
2
value 0.00176
scoring_system epss
scoring_elements 0.39169
published_at 2026-04-02T12:55:00Z
3
value 0.00176
scoring_system epss
scoring_elements 0.3919
published_at 2026-04-04T12:55:00Z
4
value 0.00176
scoring_system epss
scoring_elements 0.3911
published_at 2026-04-07T12:55:00Z
5
value 0.00176
scoring_system epss
scoring_elements 0.39164
published_at 2026-04-08T12:55:00Z
6
value 0.00176
scoring_system epss
scoring_elements 0.39181
published_at 2026-04-09T12:55:00Z
7
value 0.00176
scoring_system epss
scoring_elements 0.39192
published_at 2026-04-11T12:55:00Z
8
value 0.00176
scoring_system epss
scoring_elements 0.39156
published_at 2026-04-12T12:55:00Z
9
value 0.00176
scoring_system epss
scoring_elements 0.39137
published_at 2026-04-13T12:55:00Z
10
value 0.00176
scoring_system epss
scoring_elements 0.39191
published_at 2026-04-16T12:55:00Z
11
value 0.00176
scoring_system epss
scoring_elements 0.39161
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39914
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39914
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xm82-tdpb-buf6
15
url VCID-zy36-rb3k-y7eg
vulnerability_id VCID-zy36-rb3k-y7eg
summary An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39904
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.31166
published_at 2026-04-21T12:55:00Z
1
value 0.00121
scoring_system epss
scoring_elements 0.31194
published_at 2026-04-01T12:55:00Z
2
value 0.00121
scoring_system epss
scoring_elements 0.31321
published_at 2026-04-02T12:55:00Z
3
value 0.00121
scoring_system epss
scoring_elements 0.31363
published_at 2026-04-04T12:55:00Z
4
value 0.00121
scoring_system epss
scoring_elements 0.31182
published_at 2026-04-13T12:55:00Z
5
value 0.00121
scoring_system epss
scoring_elements 0.31235
published_at 2026-04-08T12:55:00Z
6
value 0.00121
scoring_system epss
scoring_elements 0.31266
published_at 2026-04-09T12:55:00Z
7
value 0.00121
scoring_system epss
scoring_elements 0.3127
published_at 2026-04-11T12:55:00Z
8
value 0.00121
scoring_system epss
scoring_elements 0.31226
published_at 2026-04-12T12:55:00Z
9
value 0.00121
scoring_system epss
scoring_elements 0.31215
published_at 2026-04-16T12:55:00Z
10
value 0.00121
scoring_system epss
scoring_elements 0.31197
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39904
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.5.0-1
purl pkg:alpm/archlinux/gitlab@14.5.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17gb-vdxv-fqc4
1
vulnerability VCID-1f4t-7du8-q3ex
2
vulnerability VCID-5t99-3qbr-sfdj
3
vulnerability VCID-6ns1-mx95-5ffe
4
vulnerability VCID-71j9-ra1c-6uhm
5
vulnerability VCID-989x-8yn6-eqc8
6
vulnerability VCID-99uy-2jrp-u7cx
7
vulnerability VCID-9mm8-knzf-a3gb
8
vulnerability VCID-9wuq-32s1-nydy
9
vulnerability VCID-buuk-gsy3-w7bp
10
vulnerability VCID-gvwq-zqmf-ruak
11
vulnerability VCID-h8td-pdxx-y7en
12
vulnerability VCID-j8nr-cgq2-ubf9
13
vulnerability VCID-m6c7-dfbf-r7gr
14
vulnerability VCID-n2jn-c1k6-67b9
15
vulnerability VCID-t8nq-hx26-kfc7
16
vulnerability VCID-uzq6-eukx-8yhv
17
vulnerability VCID-vfvr-mjgk-4qce
18
vulnerability VCID-w1jg-8rdt-3ufv
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1
aliases CVE-2021-39904
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zy36-rb3k-y7eg
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1