Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/gitlab@14.3.0-1
Type alpm
Namespace archlinux
Name gitlab
Version 14.3.0-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 14.3.1-1
Latest_non_vulnerable_version 15.2.1-1
Affected_by_vulnerabilities
0
url VCID-1tp6-v3h3-sfc1
vulnerability_id VCID-1tp6-v3h3-sfc1
summary A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39866
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49504
published_at 2026-04-21T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49439
published_at 2026-04-01T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49467
published_at 2026-04-02T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49494
published_at 2026-04-24T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49447
published_at 2026-04-07T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49502
published_at 2026-04-08T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49497
published_at 2026-04-09T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49514
published_at 2026-04-11T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49486
published_at 2026-04-12T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49488
published_at 2026-04-13T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.49535
published_at 2026-04-16T12:55:00Z
11
value 0.00261
scoring_system epss
scoring_elements 0.49533
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39866
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39866
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1tp6-v3h3-sfc1
1
url VCID-1z31-8t4f-hbes
vulnerability_id VCID-1z31-8t4f-hbes
summary In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39899
reference_id
reference_type
scores
0
value 0.00073
scoring_system epss
scoring_elements 0.21863
published_at 2026-04-24T12:55:00Z
1
value 0.00073
scoring_system epss
scoring_elements 0.22017
published_at 2026-04-01T12:55:00Z
2
value 0.00073
scoring_system epss
scoring_elements 0.22175
published_at 2026-04-02T12:55:00Z
3
value 0.00073
scoring_system epss
scoring_elements 0.22223
published_at 2026-04-04T12:55:00Z
4
value 0.00073
scoring_system epss
scoring_elements 0.22006
published_at 2026-04-07T12:55:00Z
5
value 0.00073
scoring_system epss
scoring_elements 0.22087
published_at 2026-04-08T12:55:00Z
6
value 0.00073
scoring_system epss
scoring_elements 0.22142
published_at 2026-04-09T12:55:00Z
7
value 0.00073
scoring_system epss
scoring_elements 0.2216
published_at 2026-04-11T12:55:00Z
8
value 0.00073
scoring_system epss
scoring_elements 0.22119
published_at 2026-04-12T12:55:00Z
9
value 0.00073
scoring_system epss
scoring_elements 0.22059
published_at 2026-04-13T12:55:00Z
10
value 0.00073
scoring_system epss
scoring_elements 0.22058
published_at 2026-04-16T12:55:00Z
11
value 0.00073
scoring_system epss
scoring_elements 0.22051
published_at 2026-04-18T12:55:00Z
12
value 0.00073
scoring_system epss
scoring_elements 0.22004
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39899
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39899
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1z31-8t4f-hbes
2
url VCID-2c2h-bx69-sycp
vulnerability_id VCID-2c2h-bx69-sycp
summary In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39889
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.4777
published_at 2026-04-24T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47719
published_at 2026-04-01T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.47757
published_at 2026-04-02T12:55:00Z
3
value 0.00245
scoring_system epss
scoring_elements 0.47777
published_at 2026-04-12T12:55:00Z
4
value 0.00245
scoring_system epss
scoring_elements 0.47726
published_at 2026-04-07T12:55:00Z
5
value 0.00245
scoring_system epss
scoring_elements 0.4778
published_at 2026-04-08T12:55:00Z
6
value 0.00245
scoring_system epss
scoring_elements 0.47776
published_at 2026-04-09T12:55:00Z
7
value 0.00245
scoring_system epss
scoring_elements 0.47801
published_at 2026-04-11T12:55:00Z
8
value 0.00245
scoring_system epss
scoring_elements 0.47787
published_at 2026-04-21T12:55:00Z
9
value 0.00245
scoring_system epss
scoring_elements 0.47842
published_at 2026-04-16T12:55:00Z
10
value 0.00245
scoring_system epss
scoring_elements 0.47834
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39889
1
reference_url https://security.archlinux.org/AVG-2432
reference_id AVG-2432
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2432
fixed_packages
aliases CVE-2021-39889
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c2h-bx69-sycp
3
url VCID-2mrs-2r3z-9qew
vulnerability_id VCID-2mrs-2r3z-9qew
summary In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39888
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.48873
published_at 2026-04-24T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.48813
published_at 2026-04-01T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.4885
published_at 2026-04-02T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.48876
published_at 2026-04-04T12:55:00Z
4
value 0.00255
scoring_system epss
scoring_elements 0.4883
published_at 2026-04-07T12:55:00Z
5
value 0.00255
scoring_system epss
scoring_elements 0.48884
published_at 2026-04-08T12:55:00Z
6
value 0.00255
scoring_system epss
scoring_elements 0.48881
published_at 2026-04-09T12:55:00Z
7
value 0.00255
scoring_system epss
scoring_elements 0.48897
published_at 2026-04-11T12:55:00Z
8
value 0.00255
scoring_system epss
scoring_elements 0.48872
published_at 2026-04-12T12:55:00Z
9
value 0.00255
scoring_system epss
scoring_elements 0.4888
published_at 2026-04-13T12:55:00Z
10
value 0.00255
scoring_system epss
scoring_elements 0.48928
published_at 2026-04-16T12:55:00Z
11
value 0.00255
scoring_system epss
scoring_elements 0.48924
published_at 2026-04-18T12:55:00Z
12
value 0.00255
scoring_system epss
scoring_elements 0.48885
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39888
1
reference_url https://security.archlinux.org/AVG-2432
reference_id AVG-2432
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2432
fixed_packages
aliases CVE-2021-39888
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mrs-2r3z-9qew
4
url VCID-2smt-c8fa-5qhf
vulnerability_id VCID-2smt-c8fa-5qhf
summary A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39893
reference_id
reference_type
scores
0
value 0.00395
scoring_system epss
scoring_elements 0.60357
published_at 2026-04-24T12:55:00Z
1
value 0.00395
scoring_system epss
scoring_elements 0.60218
published_at 2026-04-01T12:55:00Z
2
value 0.00395
scoring_system epss
scoring_elements 0.60294
published_at 2026-04-02T12:55:00Z
3
value 0.00395
scoring_system epss
scoring_elements 0.60319
published_at 2026-04-04T12:55:00Z
4
value 0.00395
scoring_system epss
scoring_elements 0.60287
published_at 2026-04-07T12:55:00Z
5
value 0.00395
scoring_system epss
scoring_elements 0.60337
published_at 2026-04-08T12:55:00Z
6
value 0.00395
scoring_system epss
scoring_elements 0.60353
published_at 2026-04-09T12:55:00Z
7
value 0.00395
scoring_system epss
scoring_elements 0.60374
published_at 2026-04-11T12:55:00Z
8
value 0.00395
scoring_system epss
scoring_elements 0.6036
published_at 2026-04-12T12:55:00Z
9
value 0.00395
scoring_system epss
scoring_elements 0.60342
published_at 2026-04-13T12:55:00Z
10
value 0.00395
scoring_system epss
scoring_elements 0.60383
published_at 2026-04-16T12:55:00Z
11
value 0.00395
scoring_system epss
scoring_elements 0.60391
published_at 2026-04-18T12:55:00Z
12
value 0.00395
scoring_system epss
scoring_elements 0.6038
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39893
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39893
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2smt-c8fa-5qhf
5
url VCID-48bc-4shc-9yax
vulnerability_id VCID-48bc-4shc-9yax
summary A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22259
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51588
published_at 2026-04-24T12:55:00Z
1
value 0.00282
scoring_system epss
scoring_elements 0.51506
published_at 2026-04-01T12:55:00Z
2
value 0.00282
scoring_system epss
scoring_elements 0.51558
published_at 2026-04-02T12:55:00Z
3
value 0.00282
scoring_system epss
scoring_elements 0.51585
published_at 2026-04-04T12:55:00Z
4
value 0.00282
scoring_system epss
scoring_elements 0.51546
published_at 2026-04-07T12:55:00Z
5
value 0.00282
scoring_system epss
scoring_elements 0.516
published_at 2026-04-08T12:55:00Z
6
value 0.00282
scoring_system epss
scoring_elements 0.51597
published_at 2026-04-09T12:55:00Z
7
value 0.00282
scoring_system epss
scoring_elements 0.51646
published_at 2026-04-11T12:55:00Z
8
value 0.00282
scoring_system epss
scoring_elements 0.51625
published_at 2026-04-12T12:55:00Z
9
value 0.00282
scoring_system epss
scoring_elements 0.51609
published_at 2026-04-13T12:55:00Z
10
value 0.00282
scoring_system epss
scoring_elements 0.5165
published_at 2026-04-16T12:55:00Z
11
value 0.00282
scoring_system epss
scoring_elements 0.51657
published_at 2026-04-18T12:55:00Z
12
value 0.00282
scoring_system epss
scoring_elements 0.51636
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22259
1
reference_url https://security.archlinux.org/AVG-2432
reference_id AVG-2432
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2432
fixed_packages
aliases CVE-2021-22259
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48bc-4shc-9yax
6
url VCID-4pa9-gyq6-u7ht
vulnerability_id VCID-4pa9-gyq6-u7ht
summary In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39896
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41467
published_at 2026-04-24T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.4155
published_at 2026-04-01T12:55:00Z
2
value 0.00197
scoring_system epss
scoring_elements 0.41638
published_at 2026-04-02T12:55:00Z
3
value 0.00197
scoring_system epss
scoring_elements 0.41666
published_at 2026-04-04T12:55:00Z
4
value 0.00197
scoring_system epss
scoring_elements 0.41593
published_at 2026-04-07T12:55:00Z
5
value 0.00197
scoring_system epss
scoring_elements 0.41643
published_at 2026-04-12T12:55:00Z
6
value 0.00197
scoring_system epss
scoring_elements 0.41652
published_at 2026-04-09T12:55:00Z
7
value 0.00197
scoring_system epss
scoring_elements 0.41675
published_at 2026-04-11T12:55:00Z
8
value 0.00197
scoring_system epss
scoring_elements 0.41628
published_at 2026-04-13T12:55:00Z
9
value 0.00197
scoring_system epss
scoring_elements 0.41676
published_at 2026-04-16T12:55:00Z
10
value 0.00197
scoring_system epss
scoring_elements 0.41649
published_at 2026-04-18T12:55:00Z
11
value 0.00197
scoring_system epss
scoring_elements 0.41574
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39896
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39896
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4pa9-gyq6-u7ht
7
url VCID-55t2-2xm4-eqdt
vulnerability_id VCID-55t2-2xm4-eqdt
summary In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39891
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29786
published_at 2026-04-24T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.30008
published_at 2026-04-11T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.30047
published_at 2026-04-02T12:55:00Z
3
value 0.00114
scoring_system epss
scoring_elements 0.30093
published_at 2026-04-04T12:55:00Z
4
value 0.00114
scoring_system epss
scoring_elements 0.29906
published_at 2026-04-07T12:55:00Z
5
value 0.00114
scoring_system epss
scoring_elements 0.29968
published_at 2026-04-08T12:55:00Z
6
value 0.00114
scoring_system epss
scoring_elements 0.30003
published_at 2026-04-09T12:55:00Z
7
value 0.00114
scoring_system epss
scoring_elements 0.29962
published_at 2026-04-12T12:55:00Z
8
value 0.00114
scoring_system epss
scoring_elements 0.29913
published_at 2026-04-13T12:55:00Z
9
value 0.00114
scoring_system epss
scoring_elements 0.29931
published_at 2026-04-16T12:55:00Z
10
value 0.00114
scoring_system epss
scoring_elements 0.2991
published_at 2026-04-18T12:55:00Z
11
value 0.00114
scoring_system epss
scoring_elements 0.29864
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39891
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39891
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55t2-2xm4-eqdt
8
url VCID-63cc-p6xr-qqcc
vulnerability_id VCID-63cc-p6xr-qqcc
summary A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39878
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.39972
published_at 2026-04-24T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40091
published_at 2026-04-01T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40241
published_at 2026-04-08T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40266
published_at 2026-04-04T12:55:00Z
4
value 0.00185
scoring_system epss
scoring_elements 0.40188
published_at 2026-04-07T12:55:00Z
5
value 0.00185
scoring_system epss
scoring_elements 0.40251
published_at 2026-04-09T12:55:00Z
6
value 0.00185
scoring_system epss
scoring_elements 0.40263
published_at 2026-04-11T12:55:00Z
7
value 0.00185
scoring_system epss
scoring_elements 0.40225
published_at 2026-04-12T12:55:00Z
8
value 0.00185
scoring_system epss
scoring_elements 0.40205
published_at 2026-04-13T12:55:00Z
9
value 0.00185
scoring_system epss
scoring_elements 0.40253
published_at 2026-04-16T12:55:00Z
10
value 0.00185
scoring_system epss
scoring_elements 0.40223
published_at 2026-04-18T12:55:00Z
11
value 0.00185
scoring_system epss
scoring_elements 0.40146
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39878
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39878
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63cc-p6xr-qqcc
9
url VCID-6y4r-d3eu-hqcp
vulnerability_id VCID-6y4r-d3eu-hqcp
summary In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39869
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48037
published_at 2026-04-24T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.47985
published_at 2026-04-01T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48023
published_at 2026-04-02T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-04T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.47994
published_at 2026-04-07T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48047
published_at 2026-04-08T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.4804
published_at 2026-04-09T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48065
published_at 2026-04-11T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48041
published_at 2026-04-12T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48053
published_at 2026-04-13T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48105
published_at 2026-04-16T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.481
published_at 2026-04-18T12:55:00Z
12
value 0.00248
scoring_system epss
scoring_elements 0.48056
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39869
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39869
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6y4r-d3eu-hqcp
10
url VCID-7m1c-tbzh-fueb
vulnerability_id VCID-7m1c-tbzh-fueb
summary In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39881
reference_id
reference_type
scores
0
value 0.00252
scoring_system epss
scoring_elements 0.48582
published_at 2026-04-21T12:55:00Z
1
value 0.00252
scoring_system epss
scoring_elements 0.48511
published_at 2026-04-01T12:55:00Z
2
value 0.00252
scoring_system epss
scoring_elements 0.48546
published_at 2026-04-02T12:55:00Z
3
value 0.00252
scoring_system epss
scoring_elements 0.48569
published_at 2026-04-04T12:55:00Z
4
value 0.00252
scoring_system epss
scoring_elements 0.48521
published_at 2026-04-07T12:55:00Z
5
value 0.00252
scoring_system epss
scoring_elements 0.48575
published_at 2026-04-08T12:55:00Z
6
value 0.00252
scoring_system epss
scoring_elements 0.48571
published_at 2026-04-09T12:55:00Z
7
value 0.00252
scoring_system epss
scoring_elements 0.48593
published_at 2026-04-11T12:55:00Z
8
value 0.00252
scoring_system epss
scoring_elements 0.48566
published_at 2026-04-24T12:55:00Z
9
value 0.00252
scoring_system epss
scoring_elements 0.48578
published_at 2026-04-13T12:55:00Z
10
value 0.00252
scoring_system epss
scoring_elements 0.48629
published_at 2026-04-16T12:55:00Z
11
value 0.00252
scoring_system epss
scoring_elements 0.48624
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39881
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39881
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m1c-tbzh-fueb
11
url VCID-81kf-hxfb-n3fb
vulnerability_id VCID-81kf-hxfb-n3fb
summary In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39867
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34517
published_at 2026-04-24T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.3464
published_at 2026-04-01T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.34856
published_at 2026-04-02T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34883
published_at 2026-04-04T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.3476
published_at 2026-04-07T12:55:00Z
5
value 0.00145
scoring_system epss
scoring_elements 0.34804
published_at 2026-04-08T12:55:00Z
6
value 0.00145
scoring_system epss
scoring_elements 0.34833
published_at 2026-04-09T12:55:00Z
7
value 0.00145
scoring_system epss
scoring_elements 0.34839
published_at 2026-04-11T12:55:00Z
8
value 0.00145
scoring_system epss
scoring_elements 0.348
published_at 2026-04-12T12:55:00Z
9
value 0.00145
scoring_system epss
scoring_elements 0.34776
published_at 2026-04-13T12:55:00Z
10
value 0.00145
scoring_system epss
scoring_elements 0.34811
published_at 2026-04-16T12:55:00Z
11
value 0.00145
scoring_system epss
scoring_elements 0.34795
published_at 2026-04-18T12:55:00Z
12
value 0.00145
scoring_system epss
scoring_elements 0.34755
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39867
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39867
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81kf-hxfb-n3fb
12
url VCID-9f4x-xbya-sqgu
vulnerability_id VCID-9f4x-xbya-sqgu
summary In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39870
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31204
published_at 2026-04-24T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31384
published_at 2026-04-01T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31521
published_at 2026-04-02T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.31563
published_at 2026-04-04T12:55:00Z
4
value 0.00123
scoring_system epss
scoring_elements 0.31381
published_at 2026-04-07T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.31434
published_at 2026-04-08T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31465
published_at 2026-04-09T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31468
published_at 2026-04-11T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31425
published_at 2026-04-12T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31389
published_at 2026-04-13T12:55:00Z
10
value 0.00123
scoring_system epss
scoring_elements 0.31422
published_at 2026-04-16T12:55:00Z
11
value 0.00123
scoring_system epss
scoring_elements 0.31402
published_at 2026-04-18T12:55:00Z
12
value 0.00123
scoring_system epss
scoring_elements 0.31373
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39870
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39870
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9f4x-xbya-sqgu
13
url VCID-9tyu-gmse-f3cj
vulnerability_id VCID-9tyu-gmse-f3cj
summary A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39887
reference_id
reference_type
scores
0
value 0.00202
scoring_system epss
scoring_elements 0.42194
published_at 2026-04-24T12:55:00Z
1
value 0.00202
scoring_system epss
scoring_elements 0.42251
published_at 2026-04-01T12:55:00Z
2
value 0.00202
scoring_system epss
scoring_elements 0.42326
published_at 2026-04-02T12:55:00Z
3
value 0.00202
scoring_system epss
scoring_elements 0.42354
published_at 2026-04-04T12:55:00Z
4
value 0.00202
scoring_system epss
scoring_elements 0.42296
published_at 2026-04-07T12:55:00Z
5
value 0.00202
scoring_system epss
scoring_elements 0.42344
published_at 2026-04-08T12:55:00Z
6
value 0.00202
scoring_system epss
scoring_elements 0.42351
published_at 2026-04-09T12:55:00Z
7
value 0.00202
scoring_system epss
scoring_elements 0.42374
published_at 2026-04-11T12:55:00Z
8
value 0.00202
scoring_system epss
scoring_elements 0.42337
published_at 2026-04-12T12:55:00Z
9
value 0.00202
scoring_system epss
scoring_elements 0.42309
published_at 2026-04-13T12:55:00Z
10
value 0.00202
scoring_system epss
scoring_elements 0.42359
published_at 2026-04-16T12:55:00Z
11
value 0.00202
scoring_system epss
scoring_elements 0.42335
published_at 2026-04-18T12:55:00Z
12
value 0.00202
scoring_system epss
scoring_elements 0.42262
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39887
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39887
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9tyu-gmse-f3cj
14
url VCID-b4ff-s1xj-27fx
vulnerability_id VCID-b4ff-s1xj-27fx
summary In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39875
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53231
published_at 2026-04-24T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53153
published_at 2026-04-01T12:55:00Z
2
value 0.00299
scoring_system epss
scoring_elements 0.53177
published_at 2026-04-02T12:55:00Z
3
value 0.00299
scoring_system epss
scoring_elements 0.53202
published_at 2026-04-04T12:55:00Z
4
value 0.00299
scoring_system epss
scoring_elements 0.53169
published_at 2026-04-07T12:55:00Z
5
value 0.00299
scoring_system epss
scoring_elements 0.53222
published_at 2026-04-08T12:55:00Z
6
value 0.00299
scoring_system epss
scoring_elements 0.53216
published_at 2026-04-09T12:55:00Z
7
value 0.00299
scoring_system epss
scoring_elements 0.53267
published_at 2026-04-11T12:55:00Z
8
value 0.00299
scoring_system epss
scoring_elements 0.53253
published_at 2026-04-12T12:55:00Z
9
value 0.00299
scoring_system epss
scoring_elements 0.53236
published_at 2026-04-13T12:55:00Z
10
value 0.00299
scoring_system epss
scoring_elements 0.53273
published_at 2026-04-16T12:55:00Z
11
value 0.00299
scoring_system epss
scoring_elements 0.53279
published_at 2026-04-18T12:55:00Z
12
value 0.00299
scoring_system epss
scoring_elements 0.5326
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39875
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39875
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4ff-s1xj-27fx
15
url VCID-ccmp-4xq2-ayau
vulnerability_id VCID-ccmp-4xq2-ayau
summary A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39877
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39109
published_at 2026-04-24T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39237
published_at 2026-04-01T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39405
published_at 2026-04-02T12:55:00Z
3
value 0.00178
scoring_system epss
scoring_elements 0.39428
published_at 2026-04-04T12:55:00Z
4
value 0.00178
scoring_system epss
scoring_elements 0.39343
published_at 2026-04-07T12:55:00Z
5
value 0.00178
scoring_system epss
scoring_elements 0.39398
published_at 2026-04-08T12:55:00Z
6
value 0.00178
scoring_system epss
scoring_elements 0.39415
published_at 2026-04-09T12:55:00Z
7
value 0.00178
scoring_system epss
scoring_elements 0.39426
published_at 2026-04-11T12:55:00Z
8
value 0.00178
scoring_system epss
scoring_elements 0.39387
published_at 2026-04-12T12:55:00Z
9
value 0.00178
scoring_system epss
scoring_elements 0.39369
published_at 2026-04-13T12:55:00Z
10
value 0.00178
scoring_system epss
scoring_elements 0.39421
published_at 2026-04-16T12:55:00Z
11
value 0.00178
scoring_system epss
scoring_elements 0.39392
published_at 2026-04-18T12:55:00Z
12
value 0.00178
scoring_system epss
scoring_elements 0.39306
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39877
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39877
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ccmp-4xq2-ayau
16
url VCID-ckry-v723-n7en
vulnerability_id VCID-ckry-v723-n7en
summary In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39894
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37239
published_at 2026-04-24T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37411
published_at 2026-04-01T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37577
published_at 2026-04-02T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37601
published_at 2026-04-04T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37478
published_at 2026-04-07T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.37529
published_at 2026-04-08T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37542
published_at 2026-04-16T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.37556
published_at 2026-04-11T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.37521
published_at 2026-04-12T12:55:00Z
9
value 0.00165
scoring_system epss
scoring_elements 0.37495
published_at 2026-04-13T12:55:00Z
10
value 0.00165
scoring_system epss
scoring_elements 0.37523
published_at 2026-04-18T12:55:00Z
11
value 0.00165
scoring_system epss
scoring_elements 0.37459
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39894
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39894
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckry-v723-n7en
17
url VCID-dfrd-2pjx-4ba4
vulnerability_id VCID-dfrd-2pjx-4ba4
summary In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39873
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.50957
published_at 2026-04-24T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.5089
published_at 2026-04-01T12:55:00Z
2
value 0.00275
scoring_system epss
scoring_elements 0.50944
published_at 2026-04-02T12:55:00Z
3
value 0.00275
scoring_system epss
scoring_elements 0.50969
published_at 2026-04-04T12:55:00Z
4
value 0.00275
scoring_system epss
scoring_elements 0.50927
published_at 2026-04-07T12:55:00Z
5
value 0.00275
scoring_system epss
scoring_elements 0.50984
published_at 2026-04-08T12:55:00Z
6
value 0.00275
scoring_system epss
scoring_elements 0.50981
published_at 2026-04-09T12:55:00Z
7
value 0.00275
scoring_system epss
scoring_elements 0.51024
published_at 2026-04-16T12:55:00Z
8
value 0.00275
scoring_system epss
scoring_elements 0.51003
published_at 2026-04-12T12:55:00Z
9
value 0.00275
scoring_system epss
scoring_elements 0.50987
published_at 2026-04-13T12:55:00Z
10
value 0.00275
scoring_system epss
scoring_elements 0.51031
published_at 2026-04-18T12:55:00Z
11
value 0.00275
scoring_system epss
scoring_elements 0.51009
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39873
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39873
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dfrd-2pjx-4ba4
18
url VCID-e49b-ph77-4kcp
vulnerability_id VCID-e49b-ph77-4kcp
summary Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39900
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43273
published_at 2026-04-24T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43296
published_at 2026-04-01T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43353
published_at 2026-04-02T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.4338
published_at 2026-04-04T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43318
published_at 2026-04-07T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.4337
published_at 2026-04-08T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.43385
published_at 2026-04-09T12:55:00Z
7
value 0.00209
scoring_system epss
scoring_elements 0.43405
published_at 2026-04-11T12:55:00Z
8
value 0.00209
scoring_system epss
scoring_elements 0.43373
published_at 2026-04-12T12:55:00Z
9
value 0.00209
scoring_system epss
scoring_elements 0.43358
published_at 2026-04-13T12:55:00Z
10
value 0.00209
scoring_system epss
scoring_elements 0.43417
published_at 2026-04-16T12:55:00Z
11
value 0.00209
scoring_system epss
scoring_elements 0.43406
published_at 2026-04-18T12:55:00Z
12
value 0.00209
scoring_system epss
scoring_elements 0.4334
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39900
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39900
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e49b-ph77-4kcp
19
url VCID-n5mw-p57c-2ba3
vulnerability_id VCID-n5mw-p57c-2ba3
summary In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39882
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27838
published_at 2026-04-24T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.28052
published_at 2026-04-01T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.28124
published_at 2026-04-02T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.28167
published_at 2026-04-04T12:55:00Z
4
value 0.00102
scoring_system epss
scoring_elements 0.27963
published_at 2026-04-07T12:55:00Z
5
value 0.00102
scoring_system epss
scoring_elements 0.28031
published_at 2026-04-08T12:55:00Z
6
value 0.00102
scoring_system epss
scoring_elements 0.28073
published_at 2026-04-09T12:55:00Z
7
value 0.00102
scoring_system epss
scoring_elements 0.2808
published_at 2026-04-11T12:55:00Z
8
value 0.00102
scoring_system epss
scoring_elements 0.28037
published_at 2026-04-12T12:55:00Z
9
value 0.00102
scoring_system epss
scoring_elements 0.2798
published_at 2026-04-13T12:55:00Z
10
value 0.00102
scoring_system epss
scoring_elements 0.27988
published_at 2026-04-16T12:55:00Z
11
value 0.00102
scoring_system epss
scoring_elements 0.27971
published_at 2026-04-18T12:55:00Z
12
value 0.00102
scoring_system epss
scoring_elements 0.27922
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39882
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39882
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5mw-p57c-2ba3
20
url VCID-ncrc-1zac-tucd
vulnerability_id VCID-ncrc-1zac-tucd
summary In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with an expired password to still access GitLab through git and the API through access tokens acquired before password expiration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39872
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.43961
published_at 2026-04-24T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.44
published_at 2026-04-01T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44048
published_at 2026-04-02T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44072
published_at 2026-04-04T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.44003
published_at 2026-04-07T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.44054
published_at 2026-04-08T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.44056
published_at 2026-04-09T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.44071
published_at 2026-04-11T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.44038
published_at 2026-04-12T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.44022
published_at 2026-04-13T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44084
published_at 2026-04-16T12:55:00Z
11
value 0.00215
scoring_system epss
scoring_elements 0.44075
published_at 2026-04-18T12:55:00Z
12
value 0.00215
scoring_system epss
scoring_elements 0.44009
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39872
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39872
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncrc-1zac-tucd
21
url VCID-q8sm-1nrb-wfej
vulnerability_id VCID-q8sm-1nrb-wfej
summary A stored XSS in the merge request creation page in all versions of GitLab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39885
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44141
published_at 2026-04-24T12:55:00Z
1
value 0.00217
scoring_system epss
scoring_elements 0.44179
published_at 2026-04-01T12:55:00Z
2
value 0.00217
scoring_system epss
scoring_elements 0.44244
published_at 2026-04-02T12:55:00Z
3
value 0.00217
scoring_system epss
scoring_elements 0.44267
published_at 2026-04-04T12:55:00Z
4
value 0.00217
scoring_system epss
scoring_elements 0.442
published_at 2026-04-07T12:55:00Z
5
value 0.00217
scoring_system epss
scoring_elements 0.44251
published_at 2026-04-08T12:55:00Z
6
value 0.00217
scoring_system epss
scoring_elements 0.44256
published_at 2026-04-09T12:55:00Z
7
value 0.00217
scoring_system epss
scoring_elements 0.44274
published_at 2026-04-11T12:55:00Z
8
value 0.00217
scoring_system epss
scoring_elements 0.44242
published_at 2026-04-13T12:55:00Z
9
value 0.00217
scoring_system epss
scoring_elements 0.44301
published_at 2026-04-16T12:55:00Z
10
value 0.00217
scoring_system epss
scoring_elements 0.44292
published_at 2026-04-18T12:55:00Z
11
value 0.00217
scoring_system epss
scoring_elements 0.44219
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39885
1
reference_url https://security.archlinux.org/AVG-2432
reference_id AVG-2432
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2432
fixed_packages
aliases CVE-2021-39885
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8sm-1nrb-wfej
22
url VCID-su9x-jz8t-h7bt
vulnerability_id VCID-su9x-jz8t-h7bt
summary Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39886
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33024
published_at 2026-04-24T12:55:00Z
1
value 0.00135
scoring_system epss
scoring_elements 0.3318
published_at 2026-04-01T12:55:00Z
2
value 0.00135
scoring_system epss
scoring_elements 0.33308
published_at 2026-04-02T12:55:00Z
3
value 0.00135
scoring_system epss
scoring_elements 0.3334
published_at 2026-04-04T12:55:00Z
4
value 0.00135
scoring_system epss
scoring_elements 0.33173
published_at 2026-04-07T12:55:00Z
5
value 0.00135
scoring_system epss
scoring_elements 0.33216
published_at 2026-04-08T12:55:00Z
6
value 0.00135
scoring_system epss
scoring_elements 0.3325
published_at 2026-04-09T12:55:00Z
7
value 0.00135
scoring_system epss
scoring_elements 0.33254
published_at 2026-04-11T12:55:00Z
8
value 0.00135
scoring_system epss
scoring_elements 0.33213
published_at 2026-04-12T12:55:00Z
9
value 0.00135
scoring_system epss
scoring_elements 0.33189
published_at 2026-04-13T12:55:00Z
10
value 0.00135
scoring_system epss
scoring_elements 0.3323
published_at 2026-04-16T12:55:00Z
11
value 0.00135
scoring_system epss
scoring_elements 0.33207
published_at 2026-04-18T12:55:00Z
12
value 0.00135
scoring_system epss
scoring_elements 0.33171
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39886
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39886
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-su9x-jz8t-h7bt
23
url VCID-teya-apph-1bhn
vulnerability_id VCID-teya-apph-1bhn
summary Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39883
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.42008
published_at 2026-04-24T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42062
published_at 2026-04-01T12:55:00Z
2
value 0.002
scoring_system epss
scoring_elements 0.42123
published_at 2026-04-02T12:55:00Z
3
value 0.002
scoring_system epss
scoring_elements 0.42151
published_at 2026-04-04T12:55:00Z
4
value 0.002
scoring_system epss
scoring_elements 0.42088
published_at 2026-04-07T12:55:00Z
5
value 0.002
scoring_system epss
scoring_elements 0.42139
published_at 2026-04-08T12:55:00Z
6
value 0.002
scoring_system epss
scoring_elements 0.4215
published_at 2026-04-09T12:55:00Z
7
value 0.002
scoring_system epss
scoring_elements 0.42172
published_at 2026-04-11T12:55:00Z
8
value 0.002
scoring_system epss
scoring_elements 0.42135
published_at 2026-04-12T12:55:00Z
9
value 0.002
scoring_system epss
scoring_elements 0.42111
published_at 2026-04-13T12:55:00Z
10
value 0.002
scoring_system epss
scoring_elements 0.42162
published_at 2026-04-16T12:55:00Z
11
value 0.002
scoring_system epss
scoring_elements 0.42136
published_at 2026-04-18T12:55:00Z
12
value 0.002
scoring_system epss
scoring_elements 0.42066
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39883
1
reference_url https://security.archlinux.org/AVG-2432
reference_id AVG-2432
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2432
fixed_packages
aliases CVE-2021-39883
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-teya-apph-1bhn
24
url VCID-ujgs-nnuc-mqe2
vulnerability_id VCID-ujgs-nnuc-mqe2
summary In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39871
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31204
published_at 2026-04-24T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31384
published_at 2026-04-01T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31521
published_at 2026-04-02T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.31563
published_at 2026-04-04T12:55:00Z
4
value 0.00123
scoring_system epss
scoring_elements 0.31381
published_at 2026-04-07T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.31434
published_at 2026-04-08T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31465
published_at 2026-04-09T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31468
published_at 2026-04-11T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31425
published_at 2026-04-12T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31389
published_at 2026-04-13T12:55:00Z
10
value 0.00123
scoring_system epss
scoring_elements 0.31422
published_at 2026-04-16T12:55:00Z
11
value 0.00123
scoring_system epss
scoring_elements 0.31402
published_at 2026-04-18T12:55:00Z
12
value 0.00123
scoring_system epss
scoring_elements 0.31373
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39871
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39871
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujgs-nnuc-mqe2
25
url VCID-wg33-ddc8-t3h4
vulnerability_id VCID-wg33-ddc8-t3h4
summary In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39874
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48608
published_at 2026-04-21T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48538
published_at 2026-04-01T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.48574
published_at 2026-04-02T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.48597
published_at 2026-04-04T12:55:00Z
4
value 0.00253
scoring_system epss
scoring_elements 0.48549
published_at 2026-04-07T12:55:00Z
5
value 0.00253
scoring_system epss
scoring_elements 0.48603
published_at 2026-04-08T12:55:00Z
6
value 0.00253
scoring_system epss
scoring_elements 0.48599
published_at 2026-04-09T12:55:00Z
7
value 0.00253
scoring_system epss
scoring_elements 0.4862
published_at 2026-04-11T12:55:00Z
8
value 0.00253
scoring_system epss
scoring_elements 0.48593
published_at 2026-04-24T12:55:00Z
9
value 0.00253
scoring_system epss
scoring_elements 0.48606
published_at 2026-04-13T12:55:00Z
10
value 0.00253
scoring_system epss
scoring_elements 0.48656
published_at 2026-04-16T12:55:00Z
11
value 0.00253
scoring_system epss
scoring_elements 0.48651
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39874
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39874
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg33-ddc8-t3h4
26
url VCID-wnjn-b16y-mfdg
vulnerability_id VCID-wnjn-b16y-mfdg
summary Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39879
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31408
published_at 2026-04-24T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.316
published_at 2026-04-01T12:55:00Z
2
value 0.00124
scoring_system epss
scoring_elements 0.31733
published_at 2026-04-02T12:55:00Z
3
value 0.00124
scoring_system epss
scoring_elements 0.31777
published_at 2026-04-04T12:55:00Z
4
value 0.00124
scoring_system epss
scoring_elements 0.31596
published_at 2026-04-07T12:55:00Z
5
value 0.00124
scoring_system epss
scoring_elements 0.31648
published_at 2026-04-08T12:55:00Z
6
value 0.00124
scoring_system epss
scoring_elements 0.31678
published_at 2026-04-09T12:55:00Z
7
value 0.00124
scoring_system epss
scoring_elements 0.31683
published_at 2026-04-11T12:55:00Z
8
value 0.00124
scoring_system epss
scoring_elements 0.31642
published_at 2026-04-12T12:55:00Z
9
value 0.00124
scoring_system epss
scoring_elements 0.31606
published_at 2026-04-13T12:55:00Z
10
value 0.00124
scoring_system epss
scoring_elements 0.3164
published_at 2026-04-16T12:55:00Z
11
value 0.00124
scoring_system epss
scoring_elements 0.31618
published_at 2026-04-18T12:55:00Z
12
value 0.00124
scoring_system epss
scoring_elements 0.31586
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39879
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39879
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnjn-b16y-mfdg
27
url VCID-y355-57xu-4bet
vulnerability_id VCID-y355-57xu-4bet
summary In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39892
reference_id
reference_type
scores
0
value 0.00297
scoring_system epss
scoring_elements 0.53012
published_at 2026-04-24T12:55:00Z
1
value 0.00297
scoring_system epss
scoring_elements 0.5294
published_at 2026-04-01T12:55:00Z
2
value 0.00297
scoring_system epss
scoring_elements 0.52965
published_at 2026-04-02T12:55:00Z
3
value 0.00297
scoring_system epss
scoring_elements 0.5299
published_at 2026-04-04T12:55:00Z
4
value 0.00297
scoring_system epss
scoring_elements 0.52958
published_at 2026-04-07T12:55:00Z
5
value 0.00297
scoring_system epss
scoring_elements 0.53009
published_at 2026-04-08T12:55:00Z
6
value 0.00297
scoring_system epss
scoring_elements 0.53002
published_at 2026-04-09T12:55:00Z
7
value 0.00297
scoring_system epss
scoring_elements 0.53052
published_at 2026-04-11T12:55:00Z
8
value 0.00297
scoring_system epss
scoring_elements 0.53036
published_at 2026-04-12T12:55:00Z
9
value 0.00297
scoring_system epss
scoring_elements 0.53019
published_at 2026-04-13T12:55:00Z
10
value 0.00297
scoring_system epss
scoring_elements 0.53056
published_at 2026-04-16T12:55:00Z
11
value 0.00297
scoring_system epss
scoring_elements 0.53063
published_at 2026-04-18T12:55:00Z
12
value 0.00297
scoring_system epss
scoring_elements 0.53045
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39892
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39892
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y355-57xu-4bet
28
url VCID-y8p4-aqpq-ykbk
vulnerability_id VCID-y8p4-aqpq-ykbk
summary In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39868
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52603
published_at 2026-04-24T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52519
published_at 2026-04-01T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52565
published_at 2026-04-02T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52591
published_at 2026-04-04T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52558
published_at 2026-04-07T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52609
published_at 2026-04-08T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52604
published_at 2026-04-09T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52654
published_at 2026-04-11T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52637
published_at 2026-04-12T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52623
published_at 2026-04-13T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52661
published_at 2026-04-16T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.52668
published_at 2026-04-18T12:55:00Z
12
value 0.00293
scoring_system epss
scoring_elements 0.52652
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39868
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39868
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8p4-aqpq-ykbk
29
url VCID-z4ez-3sgx-ybb8
vulnerability_id VCID-z4ez-3sgx-ybb8
summary It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39890
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.1861
published_at 2026-04-24T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18788
published_at 2026-04-01T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.18926
published_at 2026-04-02T12:55:00Z
3
value 0.0006
scoring_system epss
scoring_elements 0.18979
published_at 2026-04-04T12:55:00Z
4
value 0.0006
scoring_system epss
scoring_elements 0.18702
published_at 2026-04-07T12:55:00Z
5
value 0.0006
scoring_system epss
scoring_elements 0.18782
published_at 2026-04-08T12:55:00Z
6
value 0.0006
scoring_system epss
scoring_elements 0.18836
published_at 2026-04-09T12:55:00Z
7
value 0.0006
scoring_system epss
scoring_elements 0.18841
published_at 2026-04-11T12:55:00Z
8
value 0.0006
scoring_system epss
scoring_elements 0.18795
published_at 2026-04-12T12:55:00Z
9
value 0.0006
scoring_system epss
scoring_elements 0.18743
published_at 2026-04-13T12:55:00Z
10
value 0.0006
scoring_system epss
scoring_elements 0.18692
published_at 2026-04-16T12:55:00Z
11
value 0.0006
scoring_system epss
scoring_elements 0.18704
published_at 2026-04-18T12:55:00Z
12
value 0.0006
scoring_system epss
scoring_elements 0.18723
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39890
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.3.1-1
purl pkg:alpm/archlinux/gitlab@14.3.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.1-1
aliases CVE-2021-39890
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4ez-3sgx-ybb8
30
url VCID-zbdr-btjr-vkhh
vulnerability_id VCID-zbdr-btjr-vkhh
summary In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39884
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50853
published_at 2026-04-24T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.50782
published_at 2026-04-01T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50838
published_at 2026-04-02T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50864
published_at 2026-04-04T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50821
published_at 2026-04-07T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50878
published_at 2026-04-08T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50876
published_at 2026-04-09T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50918
published_at 2026-04-16T12:55:00Z
8
value 0.00274
scoring_system epss
scoring_elements 0.50896
published_at 2026-04-12T12:55:00Z
9
value 0.00274
scoring_system epss
scoring_elements 0.5088
published_at 2026-04-13T12:55:00Z
10
value 0.00274
scoring_system epss
scoring_elements 0.50924
published_at 2026-04-18T12:55:00Z
11
value 0.00274
scoring_system epss
scoring_elements 0.50904
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39884
1
reference_url https://security.archlinux.org/AVG-2432
reference_id AVG-2432
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2432
fixed_packages
aliases CVE-2021-39884
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbdr-btjr-vkhh
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.3.0-1