Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:alpm/archlinux/gitlab@14.0.1-1
Typealpm
Namespacearchlinux
Namegitlab
Version14.0.1-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version14.0.3-1
Latest_non_vulnerable_version15.2.1-1
Affected_by_vulnerabilities
0
url VCID-55tn-dhah-8fak
vulnerability_id VCID-55tn-dhah-8fak
summary A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22224
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59061
published_at 2026-04-24T12:55:00Z
1
value 0.00374
scoring_system epss
scoring_elements 0.58961
published_at 2026-04-01T12:55:00Z
2
value 0.00374
scoring_system epss
scoring_elements 0.59036
published_at 2026-04-02T12:55:00Z
3
value 0.00374
scoring_system epss
scoring_elements 0.59058
published_at 2026-04-04T12:55:00Z
4
value 0.00374
scoring_system epss
scoring_elements 0.59023
published_at 2026-04-07T12:55:00Z
5
value 0.00374
scoring_system epss
scoring_elements 0.59074
published_at 2026-04-08T12:55:00Z
6
value 0.00374
scoring_system epss
scoring_elements 0.5908
published_at 2026-04-21T12:55:00Z
7
value 0.00374
scoring_system epss
scoring_elements 0.59099
published_at 2026-04-11T12:55:00Z
8
value 0.00374
scoring_system epss
scoring_elements 0.59081
published_at 2026-04-12T12:55:00Z
9
value 0.00374
scoring_system epss
scoring_elements 0.59062
published_at 2026-04-13T12:55:00Z
10
value 0.00374
scoring_system epss
scoring_elements 0.59097
published_at 2026-04-16T12:55:00Z
11
value 0.00374
scoring_system epss
scoring_elements 0.59101
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22224
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22224
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55tn-dhah-8fak
1
url VCID-64wb-wrxa-afb2
vulnerability_id VCID-64wb-wrxa-afb2
summary Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22225
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33081
published_at 2026-04-24T12:55:00Z
1
value 0.00135
scoring_system epss
scoring_elements 0.33232
published_at 2026-04-07T12:55:00Z
2
value 0.00135
scoring_system epss
scoring_elements 0.33366
published_at 2026-04-02T12:55:00Z
3
value 0.00135
scoring_system epss
scoring_elements 0.33398
published_at 2026-04-04T12:55:00Z
4
value 0.00135
scoring_system epss
scoring_elements 0.33276
published_at 2026-04-08T12:55:00Z
5
value 0.00135
scoring_system epss
scoring_elements 0.3331
published_at 2026-04-09T12:55:00Z
6
value 0.00135
scoring_system epss
scoring_elements 0.33314
published_at 2026-04-11T12:55:00Z
7
value 0.00135
scoring_system epss
scoring_elements 0.33273
published_at 2026-04-12T12:55:00Z
8
value 0.00135
scoring_system epss
scoring_elements 0.33249
published_at 2026-04-13T12:55:00Z
9
value 0.00135
scoring_system epss
scoring_elements 0.33288
published_at 2026-04-16T12:55:00Z
10
value 0.00135
scoring_system epss
scoring_elements 0.33265
published_at 2026-04-18T12:55:00Z
11
value 0.00135
scoring_system epss
scoring_elements 0.33229
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22225
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22225
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64wb-wrxa-afb2
2
url VCID-a1z8-2fdu-1uhd
vulnerability_id VCID-a1z8-2fdu-1uhd
summary 
Arbitrary Code Execution in Rdoc
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31799.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31799.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31799
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57547
published_at 2026-04-02T12:55:00Z
1
value 0.00351
scoring_system epss
scoring_elements 0.57567
published_at 2026-04-04T12:55:00Z
2
value 0.00351
scoring_system epss
scoring_elements 0.57463
published_at 2026-04-01T12:55:00Z
3
value 0.00351
scoring_system epss
scoring_elements 0.57543
published_at 2026-04-07T12:55:00Z
4
value 0.00351
scoring_system epss
scoring_elements 0.57596
published_at 2026-04-08T12:55:00Z
5
value 0.00351
scoring_system epss
scoring_elements 0.576
published_at 2026-04-09T12:55:00Z
6
value 0.00351
scoring_system epss
scoring_elements 0.57615
published_at 2026-04-11T12:55:00Z
7
value 0.00351
scoring_system epss
scoring_elements 0.57595
published_at 2026-04-12T12:55:00Z
8
value 0.00351
scoring_system epss
scoring_elements 0.57573
published_at 2026-04-13T12:55:00Z
9
value 0.00351
scoring_system epss
scoring_elements 0.57535
published_at 2026-04-24T12:55:00Z
10
value 0.00351
scoring_system epss
scoring_elements 0.57577
published_at 2026-04-21T12:55:00Z
11
value 0.00351
scoring_system epss
scoring_elements 0.57602
published_at 2026-04-16T12:55:00Z
12
value 0.00351
scoring_system epss
scoring_elements 0.57599
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31799
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/ruby/rdoc
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc
10
reference_url https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7
11
reference_url https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:06Z/
url https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html
12
reference_url https://security.gentoo.org/glsa/202401-05
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:06Z/
url https://security.gentoo.org/glsa/202401-05
13
reference_url https://security.netapp.com/advisory/ntap-20210902-0004
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210902-0004
14
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:06Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
15
reference_url https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc
16
reference_url https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements
1
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:06Z/
url https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1980132
reference_id 1980132
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1980132
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990815
reference_id 990815
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990815
19
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
20
reference_url https://security.archlinux.org/AVG-1901
reference_id AVG-1901
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1901
21
reference_url https://security.archlinux.org/AVG-1905
reference_id AVG-1905
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1905
22
reference_url https://security.archlinux.org/AVG-1906
reference_id AVG-1906
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1906
23
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31799
reference_id CVE-2021-31799
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31799
25
reference_url https://security-tracker.debian.org/tracker/CVE-2021-31799
reference_id CVE-2021-31799
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:06Z/
url https://security-tracker.debian.org/tracker/CVE-2021-31799
26
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2021-31799.yml
reference_id CVE-2021-31799.YML
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2021-31799.yml
27
reference_url https://github.com/advisories/GHSA-ggxm-pgc9-g7fp
reference_id GHSA-ggxm-pgc9-g7fp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ggxm-pgc9-g7fp
28
reference_url https://access.redhat.com/errata/RHSA-2021:3020
reference_id RHSA-2021:3020
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3020
29
reference_url https://access.redhat.com/errata/RHSA-2021:3559
reference_id RHSA-2021:3559
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3559
30
reference_url https://access.redhat.com/errata/RHSA-2021:3982
reference_id RHSA-2021:3982
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3982
31
reference_url https://access.redhat.com/errata/RHSA-2022:0543
reference_id RHSA-2022:0543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0543
32
reference_url https://access.redhat.com/errata/RHSA-2022:0544
reference_id RHSA-2022:0544
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0544
33
reference_url https://access.redhat.com/errata/RHSA-2022:0581
reference_id RHSA-2022:0581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0581
34
reference_url https://access.redhat.com/errata/RHSA-2022:0582
reference_id RHSA-2022:0582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0582
35
reference_url https://access.redhat.com/errata/RHSA-2022:0672
reference_id RHSA-2022:0672
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0672
36
reference_url https://access.redhat.com/errata/RHSA-2022:0708
reference_id RHSA-2022:0708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0708
37
reference_url https://usn.ubuntu.com/5020-1/
reference_id USN-5020-1
reference_type
scores
url https://usn.ubuntu.com/5020-1/
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-31799, GHSA-ggxm-pgc9-g7fp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a1z8-2fdu-1uhd
3
url VCID-ad6q-uvub-77ff
vulnerability_id VCID-ad6q-uvub-77ff
summary An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22228
reference_id
reference_type
scores
0
value 0.00231
scoring_system epss
scoring_elements 0.45856
published_at 2026-04-24T12:55:00Z
1
value 0.00231
scoring_system epss
scoring_elements 0.45843
published_at 2026-04-01T12:55:00Z
2
value 0.00231
scoring_system epss
scoring_elements 0.45891
published_at 2026-04-02T12:55:00Z
3
value 0.00231
scoring_system epss
scoring_elements 0.45911
published_at 2026-04-04T12:55:00Z
4
value 0.00231
scoring_system epss
scoring_elements 0.45861
published_at 2026-04-07T12:55:00Z
5
value 0.00231
scoring_system epss
scoring_elements 0.45917
published_at 2026-04-08T12:55:00Z
6
value 0.00231
scoring_system epss
scoring_elements 0.45914
published_at 2026-04-09T12:55:00Z
7
value 0.00231
scoring_system epss
scoring_elements 0.45937
published_at 2026-04-11T12:55:00Z
8
value 0.00231
scoring_system epss
scoring_elements 0.45908
published_at 2026-04-12T12:55:00Z
9
value 0.00231
scoring_system epss
scoring_elements 0.45915
published_at 2026-04-13T12:55:00Z
10
value 0.00231
scoring_system epss
scoring_elements 0.45967
published_at 2026-04-16T12:55:00Z
11
value 0.00231
scoring_system epss
scoring_elements 0.45962
published_at 2026-04-18T12:55:00Z
12
value 0.00231
scoring_system epss
scoring_elements 0.45907
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22228
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22228
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad6q-uvub-77ff
4
url VCID-ewf1-jsf4-nqe8
vulnerability_id VCID-ewf1-jsf4-nqe8
summary Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22226
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.4083
published_at 2026-04-24T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.40926
published_at 2026-04-01T12:55:00Z
2
value 0.00191
scoring_system epss
scoring_elements 0.41008
published_at 2026-04-02T12:55:00Z
3
value 0.00191
scoring_system epss
scoring_elements 0.4104
published_at 2026-04-11T12:55:00Z
4
value 0.00191
scoring_system epss
scoring_elements 0.40965
published_at 2026-04-07T12:55:00Z
5
value 0.00191
scoring_system epss
scoring_elements 0.41014
published_at 2026-04-08T12:55:00Z
6
value 0.00191
scoring_system epss
scoring_elements 0.41022
published_at 2026-04-09T12:55:00Z
7
value 0.00191
scoring_system epss
scoring_elements 0.41005
published_at 2026-04-12T12:55:00Z
8
value 0.00191
scoring_system epss
scoring_elements 0.40989
published_at 2026-04-13T12:55:00Z
9
value 0.00191
scoring_system epss
scoring_elements 0.41031
published_at 2026-04-16T12:55:00Z
10
value 0.00191
scoring_system epss
scoring_elements 0.41002
published_at 2026-04-18T12:55:00Z
11
value 0.00191
scoring_system epss
scoring_elements 0.40924
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22226
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22226
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewf1-jsf4-nqe8
5
url VCID-j2d6-26gv-j3f9
vulnerability_id VCID-j2d6-26gv-j3f9
summary An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22229
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41973
published_at 2026-04-24T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42027
published_at 2026-04-01T12:55:00Z
2
value 0.002
scoring_system epss
scoring_elements 0.42087
published_at 2026-04-02T12:55:00Z
3
value 0.002
scoring_system epss
scoring_elements 0.42115
published_at 2026-04-04T12:55:00Z
4
value 0.002
scoring_system epss
scoring_elements 0.42052
published_at 2026-04-07T12:55:00Z
5
value 0.002
scoring_system epss
scoring_elements 0.42104
published_at 2026-04-08T12:55:00Z
6
value 0.002
scoring_system epss
scoring_elements 0.42116
published_at 2026-04-09T12:55:00Z
7
value 0.002
scoring_system epss
scoring_elements 0.42137
published_at 2026-04-11T12:55:00Z
8
value 0.002
scoring_system epss
scoring_elements 0.421
published_at 2026-04-18T12:55:00Z
9
value 0.002
scoring_system epss
scoring_elements 0.42075
published_at 2026-04-13T12:55:00Z
10
value 0.002
scoring_system epss
scoring_elements 0.42127
published_at 2026-04-16T12:55:00Z
11
value 0.002
scoring_system epss
scoring_elements 0.4203
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22229
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22229
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j2d6-26gv-j3f9
6
url VCID-ktjp-pvqu-5yf7
vulnerability_id VCID-ktjp-pvqu-5yf7
summary A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22231
reference_id
reference_type
scores
0
value 0.00376
scoring_system epss
scoring_elements 0.59218
published_at 2026-04-24T12:55:00Z
1
value 0.00376
scoring_system epss
scoring_elements 0.59104
published_at 2026-04-01T12:55:00Z
2
value 0.00376
scoring_system epss
scoring_elements 0.59178
published_at 2026-04-02T12:55:00Z
3
value 0.00376
scoring_system epss
scoring_elements 0.59202
published_at 2026-04-04T12:55:00Z
4
value 0.00376
scoring_system epss
scoring_elements 0.59166
published_at 2026-04-07T12:55:00Z
5
value 0.00376
scoring_system epss
scoring_elements 0.59217
published_at 2026-04-08T12:55:00Z
6
value 0.00376
scoring_system epss
scoring_elements 0.5923
published_at 2026-04-09T12:55:00Z
7
value 0.00376
scoring_system epss
scoring_elements 0.5925
published_at 2026-04-16T12:55:00Z
8
value 0.00376
scoring_system epss
scoring_elements 0.59232
published_at 2026-04-12T12:55:00Z
9
value 0.00376
scoring_system epss
scoring_elements 0.59214
published_at 2026-04-13T12:55:00Z
10
value 0.00376
scoring_system epss
scoring_elements 0.59255
published_at 2026-04-18T12:55:00Z
11
value 0.00376
scoring_system epss
scoring_elements 0.59237
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22231
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22231
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ktjp-pvqu-5yf7
7
url VCID-p3g7-kade-fqfq
vulnerability_id VCID-p3g7-kade-fqfq
summary A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22227
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28477
published_at 2026-04-24T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.28691
published_at 2026-04-01T12:55:00Z
2
value 0.00106
scoring_system epss
scoring_elements 0.28773
published_at 2026-04-02T12:55:00Z
3
value 0.00106
scoring_system epss
scoring_elements 0.28821
published_at 2026-04-04T12:55:00Z
4
value 0.00106
scoring_system epss
scoring_elements 0.28628
published_at 2026-04-07T12:55:00Z
5
value 0.00106
scoring_system epss
scoring_elements 0.28693
published_at 2026-04-12T12:55:00Z
6
value 0.00106
scoring_system epss
scoring_elements 0.28732
published_at 2026-04-09T12:55:00Z
7
value 0.00106
scoring_system epss
scoring_elements 0.28737
published_at 2026-04-11T12:55:00Z
8
value 0.00106
scoring_system epss
scoring_elements 0.28645
published_at 2026-04-13T12:55:00Z
9
value 0.00106
scoring_system epss
scoring_elements 0.28664
published_at 2026-04-16T12:55:00Z
10
value 0.00106
scoring_system epss
scoring_elements 0.28639
published_at 2026-04-18T12:55:00Z
11
value 0.00106
scoring_system epss
scoring_elements 0.28591
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22227
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22227
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p3g7-kade-fqfq
8
url VCID-s41d-jhp9-ckae
vulnerability_id VCID-s41d-jhp9-ckae
summary HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22232
reference_id
reference_type
scores
0
value 0.00128
scoring_system epss
scoring_elements 0.32002
published_at 2026-04-24T12:55:00Z
1
value 0.00128
scoring_system epss
scoring_elements 0.32175
published_at 2026-04-01T12:55:00Z
2
value 0.00128
scoring_system epss
scoring_elements 0.32308
published_at 2026-04-02T12:55:00Z
3
value 0.00128
scoring_system epss
scoring_elements 0.32347
published_at 2026-04-04T12:55:00Z
4
value 0.00128
scoring_system epss
scoring_elements 0.32171
published_at 2026-04-07T12:55:00Z
5
value 0.00128
scoring_system epss
scoring_elements 0.3222
published_at 2026-04-08T12:55:00Z
6
value 0.00128
scoring_system epss
scoring_elements 0.32247
published_at 2026-04-09T12:55:00Z
7
value 0.00128
scoring_system epss
scoring_elements 0.32248
published_at 2026-04-11T12:55:00Z
8
value 0.00128
scoring_system epss
scoring_elements 0.3221
published_at 2026-04-12T12:55:00Z
9
value 0.00128
scoring_system epss
scoring_elements 0.3218
published_at 2026-04-13T12:55:00Z
10
value 0.00128
scoring_system epss
scoring_elements 0.32213
published_at 2026-04-16T12:55:00Z
11
value 0.00128
scoring_system epss
scoring_elements 0.32193
published_at 2026-04-18T12:55:00Z
12
value 0.00128
scoring_system epss
scoring_elements 0.32164
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22232
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22232
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s41d-jhp9-ckae
9
url VCID-ye5q-51wd-53c5
vulnerability_id VCID-ye5q-51wd-53c5
summary Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22223
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.39995
published_at 2026-04-24T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40114
published_at 2026-04-01T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40264
published_at 2026-04-08T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40289
published_at 2026-04-04T12:55:00Z
4
value 0.00185
scoring_system epss
scoring_elements 0.40211
published_at 2026-04-07T12:55:00Z
5
value 0.00185
scoring_system epss
scoring_elements 0.40275
published_at 2026-04-09T12:55:00Z
6
value 0.00185
scoring_system epss
scoring_elements 0.40286
published_at 2026-04-11T12:55:00Z
7
value 0.00185
scoring_system epss
scoring_elements 0.40249
published_at 2026-04-12T12:55:00Z
8
value 0.00185
scoring_system epss
scoring_elements 0.40229
published_at 2026-04-13T12:55:00Z
9
value 0.00185
scoring_system epss
scoring_elements 0.40276
published_at 2026-04-16T12:55:00Z
10
value 0.00185
scoring_system epss
scoring_elements 0.40245
published_at 2026-04-18T12:55:00Z
11
value 0.00185
scoring_system epss
scoring_elements 0.40169
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22223
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22223
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ye5q-51wd-53c5
10
url VCID-yq7h-64jj-wfcs
vulnerability_id VCID-yq7h-64jj-wfcs
summary An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22233
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40178
published_at 2026-04-24T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40285
published_at 2026-04-01T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.40351
published_at 2026-04-02T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40376
published_at 2026-04-04T12:55:00Z
4
value 0.00186
scoring_system epss
scoring_elements 0.40301
published_at 2026-04-07T12:55:00Z
5
value 0.00186
scoring_system epss
scoring_elements 0.40352
published_at 2026-04-08T12:55:00Z
6
value 0.00186
scoring_system epss
scoring_elements 0.40364
published_at 2026-04-09T12:55:00Z
7
value 0.00186
scoring_system epss
scoring_elements 0.40375
published_at 2026-04-11T12:55:00Z
8
value 0.00186
scoring_system epss
scoring_elements 0.40337
published_at 2026-04-12T12:55:00Z
9
value 0.00186
scoring_system epss
scoring_elements 0.40318
published_at 2026-04-13T12:55:00Z
10
value 0.00186
scoring_system epss
scoring_elements 0.40365
published_at 2026-04-16T12:55:00Z
11
value 0.00186
scoring_system epss
scoring_elements 0.40333
published_at 2026-04-18T12:55:00Z
12
value 0.00186
scoring_system epss
scoring_elements 0.40256
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22233
1
reference_url https://security.archlinux.org/AVG-2137
reference_id AVG-2137
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2137
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22233
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yq7h-64jj-wfcs
11
url VCID-yx48-ptwa-ukhh
vulnerability_id VCID-yx48-ptwa-ukhh
summary Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22230
reference_id
reference_type
scores
0
value 0.00196
scoring_system epss
scoring_elements 0.41401
published_at 2026-04-24T12:55:00Z
1
value 0.00196
scoring_system epss
scoring_elements 0.41486
published_at 2026-04-01T12:55:00Z
2
value 0.00196
scoring_system epss
scoring_elements 0.41576
published_at 2026-04-02T12:55:00Z
3
value 0.00196
scoring_system epss
scoring_elements 0.41604
published_at 2026-04-04T12:55:00Z
4
value 0.00196
scoring_system epss
scoring_elements 0.41531
published_at 2026-04-07T12:55:00Z
5
value 0.00196
scoring_system epss
scoring_elements 0.41581
published_at 2026-04-08T12:55:00Z
6
value 0.00196
scoring_system epss
scoring_elements 0.4159
published_at 2026-04-09T12:55:00Z
7
value 0.00196
scoring_system epss
scoring_elements 0.41611
published_at 2026-04-11T12:55:00Z
8
value 0.00196
scoring_system epss
scoring_elements 0.41578
published_at 2026-04-12T12:55:00Z
9
value 0.00196
scoring_system epss
scoring_elements 0.41564
published_at 2026-04-13T12:55:00Z
10
value 0.00196
scoring_system epss
scoring_elements 0.4161
published_at 2026-04-16T12:55:00Z
11
value 0.00196
scoring_system epss
scoring_elements 0.41585
published_at 2026-04-18T12:55:00Z
12
value 0.00196
scoring_system epss
scoring_elements 0.41509
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22230
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.0.3-1
purl pkg:alpm/archlinux/gitlab@14.0.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.3-1
aliases CVE-2021-22230
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yx48-ptwa-ukhh
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.0.1-1