Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/371835?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/371835?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.3.3-2", "type": "alpm", "namespace": "archlinux", "name": "gitlab", "version": "14.3.3-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "14.5.2-1", "latest_non_vulnerable_version": "15.2.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11124?format=api", "vulnerability_id": "VCID-1bxs-yghe-cyck", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nA possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67413", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67378", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67412", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67424", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67403", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.6739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67361", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67302", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67402", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67425", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c" }, { "reference_url": "https://rubygems.org/gems/actionpack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubygems.org/gems/actionpack" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240202-0005/" }, { "reference_url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/12/14/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995940", "reference_id": "1995940", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995940" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586", "reference_id": "992586", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586" }, { "reference_url": "https://security.archlinux.org/AVG-2492", "reference_id": "AVG-2492", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2492" }, { "reference_url": "https://security.archlinux.org/AVG-2493", "reference_id": "AVG-2493", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2493" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-22942", "reference_id": "CVE-2021-22942", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-22942" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22942", "reference_id": "CVE-2021-22942", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22942" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml", "reference_id": "CVE-2021-22942.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml" }, { "reference_url": "https://github.com/advisories/GHSA-2rqw-v265-jf8c", "reference_id": "GHSA-2rqw-v265-jf8c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2rqw-v265-jf8c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-22942", "GHSA-2rqw-v265-jf8c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxs-yghe-cyck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256764?format=api", "vulnerability_id": "VCID-2uqd-mtms-fqaw", "summary": "In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48729", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48768", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48794", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48748", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48803", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.488", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48817", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48791", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48847", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48843", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39903" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39903" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2uqd-mtms-fqaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256756?format=api", "vulnerability_id": "VCID-54ws-nrwe-wucv", "summary": "In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.5341", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53302", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53325", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53351", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53321", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53373", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53367", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53419", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53403", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53387", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53424", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.5343", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39898" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39898" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-54ws-nrwe-wucv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256771?format=api", "vulnerability_id": "VCID-6uvg-uqe6-tud1", "summary": "A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48113", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48044", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48082", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48103", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48053", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48106", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48099", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48163", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48158", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39907" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39907" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6uvg-uqe6-tud1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256753?format=api", "vulnerability_id": "VCID-dana-dyhj-4yec", "summary": "In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51513", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51385", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51436", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51463", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51423", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51476", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51474", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51518", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51497", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51484", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51526", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51535", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39895" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39895" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dana-dyhj-4yec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256774?format=api", "vulnerability_id": "VCID-de8b-d4wk-y3g2", "summary": "Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15021", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15184", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15251", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15055", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15143", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15194", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15164", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15061", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14961", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1497", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39909" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39909" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-de8b-d4wk-y3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256762?format=api", "vulnerability_id": "VCID-f663-qdnt-4fhz", "summary": "Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45329", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45239", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4532", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45342", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45285", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4534", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45362", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4533", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45332", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45383", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45379", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39902" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39902" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f663-qdnt-4fhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256769?format=api", "vulnerability_id": "VCID-j6gp-wgz9-17h6", "summary": "Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78793", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.7872", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78759", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78741", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78767", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78774", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78797", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.7878", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.788", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78798", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39906" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39906" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6gp-wgz9-17h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256777?format=api", "vulnerability_id": "VCID-r36y-zth9-2bbv", "summary": "An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44509", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44459", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44528", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4455", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44488", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44539", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44544", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4456", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4453", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44532", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44587", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44579", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39911" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39911" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r36y-zth9-2bbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256779?format=api", "vulnerability_id": "VCID-sxfm-yjar-r3gy", "summary": "A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48113", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48044", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48082", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48103", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48053", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48106", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48099", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48163", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48158", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39912" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39912" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sxfm-yjar-r3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256768?format=api", "vulnerability_id": "VCID-ubka-br7q-dyax", "summary": "An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39905", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.5335", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53244", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53267", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53293", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53262", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53314", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53309", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53344", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53327", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53365", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.5337", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39905" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39905" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubka-br7q-dyax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256755?format=api", "vulnerability_id": "VCID-utt5-yq43-tydb", "summary": "Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52387", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52257", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.523", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52328", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.5229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52343", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52338", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52388", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52373", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52359", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52397", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52403", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39897" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39897" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utt5-yq43-tydb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256780?format=api", "vulnerability_id": "VCID-vqxg-nt2j-skcd", "summary": "Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18877", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18953", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1909", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19141", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18858", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18937", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1899", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18997", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1895", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18899", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18854", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18866", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39913" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39913" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqxg-nt2j-skcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256760?format=api", "vulnerability_id": "VCID-w5ry-7u68-vbhz", "summary": "In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52648", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52514", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52559", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52586", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52553", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52605", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52599", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52649", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52632", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52618", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52656", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52663", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39901" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39901" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5ry-7u68-vbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256781?format=api", "vulnerability_id": "VCID-xm82-tdpb-buf6", "summary": "A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39914", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39072", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38982", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39169", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3919", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3911", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39164", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39181", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39156", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39137", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39191", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39161", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39914" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39914" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xm82-tdpb-buf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256766?format=api", "vulnerability_id": "VCID-zy36-rb3k-y7eg", "summary": "An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31166", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31194", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31321", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31363", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31266", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.3127", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31226", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31215", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31197", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39904" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371830?format=api", "purl": "pkg:alpm/archlinux/gitlab@14.5.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17gb-vdxv-fqc4" }, { "vulnerability": "VCID-1f4t-7du8-q3ex" }, { "vulnerability": "VCID-5t99-3qbr-sfdj" }, { "vulnerability": "VCID-6ns1-mx95-5ffe" }, { "vulnerability": "VCID-71j9-ra1c-6uhm" }, { "vulnerability": "VCID-989x-8yn6-eqc8" }, { "vulnerability": "VCID-99uy-2jrp-u7cx" }, { "vulnerability": "VCID-9mm8-knzf-a3gb" }, { "vulnerability": "VCID-9wuq-32s1-nydy" }, { "vulnerability": "VCID-buuk-gsy3-w7bp" }, { "vulnerability": "VCID-gvwq-zqmf-ruak" }, { "vulnerability": "VCID-h8td-pdxx-y7en" }, { "vulnerability": "VCID-j8nr-cgq2-ubf9" }, { "vulnerability": "VCID-m6c7-dfbf-r7gr" }, { "vulnerability": "VCID-n2jn-c1k6-67b9" }, { "vulnerability": "VCID-t8nq-hx26-kfc7" }, { "vulnerability": "VCID-uzq6-eukx-8yhv" }, { "vulnerability": "VCID-vfvr-mjgk-4qce" }, { "vulnerability": "VCID-w1jg-8rdt-3ufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.5.0-1" } ], "aliases": [ "CVE-2021-39904" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy36-rb3k-y7eg" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.3-2" }