Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:alpm/archlinux/gitlab@13.6.2-1
Typealpm
Namespacearchlinux
Namegitlab
Version13.6.2-1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version13.7.2-1
Latest_non_vulnerable_version15.2.1-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4vm6-67ra-6fct
vulnerability_id VCID-4vm6-67ra-6fct
summary Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26416
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12896
published_at 2026-04-24T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12921
published_at 2026-04-01T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.13012
published_at 2026-04-02T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.13063
published_at 2026-04-04T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12862
published_at 2026-04-07T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.1294
published_at 2026-04-08T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12991
published_at 2026-04-09T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12951
published_at 2026-04-11T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12916
published_at 2026-04-12T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12871
published_at 2026-04-13T12:55:00Z
10
value 0.00042
scoring_system epss
scoring_elements 0.12773
published_at 2026-04-16T12:55:00Z
11
value 0.00042
scoring_system epss
scoring_elements 0.12777
published_at 2026-04-18T12:55:00Z
12
value 0.00042
scoring_system epss
scoring_elements 0.12875
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26416
1
reference_url https://security.archlinux.org/AVG-1347
reference_id AVG-1347
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1347
fixed_packages
0
url pkg:alpm/archlinux/gitlab@13.6.2-1
purl pkg:alpm/archlinux/gitlab@13.6.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1
aliases CVE-2020-26416
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4vm6-67ra-6fct
1
url VCID-82a8-grn5-eqdj
vulnerability_id VCID-82a8-grn5-eqdj
summary Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26412
reference_id
reference_type
scores
0
value 0.00131
scoring_system epss
scoring_elements 0.32341
published_at 2026-04-24T12:55:00Z
1
value 0.00131
scoring_system epss
scoring_elements 0.32511
published_at 2026-04-01T12:55:00Z
2
value 0.00131
scoring_system epss
scoring_elements 0.32655
published_at 2026-04-02T12:55:00Z
3
value 0.00131
scoring_system epss
scoring_elements 0.32691
published_at 2026-04-04T12:55:00Z
4
value 0.00131
scoring_system epss
scoring_elements 0.32513
published_at 2026-04-07T12:55:00Z
5
value 0.00131
scoring_system epss
scoring_elements 0.32561
published_at 2026-04-08T12:55:00Z
6
value 0.00131
scoring_system epss
scoring_elements 0.32587
published_at 2026-04-09T12:55:00Z
7
value 0.00131
scoring_system epss
scoring_elements 0.32589
published_at 2026-04-11T12:55:00Z
8
value 0.00131
scoring_system epss
scoring_elements 0.32551
published_at 2026-04-12T12:55:00Z
9
value 0.00131
scoring_system epss
scoring_elements 0.32523
published_at 2026-04-13T12:55:00Z
10
value 0.00131
scoring_system epss
scoring_elements 0.3256
published_at 2026-04-16T12:55:00Z
11
value 0.00131
scoring_system epss
scoring_elements 0.32538
published_at 2026-04-18T12:55:00Z
12
value 0.00131
scoring_system epss
scoring_elements 0.32506
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26412
1
reference_url https://security.archlinux.org/AVG-1347
reference_id AVG-1347
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1347
fixed_packages
0
url pkg:alpm/archlinux/gitlab@13.6.2-1
purl pkg:alpm/archlinux/gitlab@13.6.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1
aliases CVE-2020-26412
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-82a8-grn5-eqdj
2
url VCID-9bqx-bjky-zqen
vulnerability_id VCID-9bqx-bjky-zqen
summary Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26417
reference_id
reference_type
scores
0
value 0.00196
scoring_system epss
scoring_elements 0.41447
published_at 2026-04-24T12:55:00Z
1
value 0.00196
scoring_system epss
scoring_elements 0.41528
published_at 2026-04-01T12:55:00Z
2
value 0.00196
scoring_system epss
scoring_elements 0.41617
published_at 2026-04-02T12:55:00Z
3
value 0.00196
scoring_system epss
scoring_elements 0.41646
published_at 2026-04-04T12:55:00Z
4
value 0.00196
scoring_system epss
scoring_elements 0.41573
published_at 2026-04-07T12:55:00Z
5
value 0.00196
scoring_system epss
scoring_elements 0.41623
published_at 2026-04-12T12:55:00Z
6
value 0.00196
scoring_system epss
scoring_elements 0.41632
published_at 2026-04-09T12:55:00Z
7
value 0.00196
scoring_system epss
scoring_elements 0.41656
published_at 2026-04-16T12:55:00Z
8
value 0.00196
scoring_system epss
scoring_elements 0.41609
published_at 2026-04-13T12:55:00Z
9
value 0.00196
scoring_system epss
scoring_elements 0.41629
published_at 2026-04-18T12:55:00Z
10
value 0.00196
scoring_system epss
scoring_elements 0.41554
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26417
1
reference_url https://security.archlinux.org/AVG-1333
reference_id AVG-1333
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1333
fixed_packages
0
url pkg:alpm/archlinux/gitlab@13.6.2-1
purl pkg:alpm/archlinux/gitlab@13.6.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1
aliases CVE-2020-26417
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bqx-bjky-zqen
3
url VCID-bjxw-yvhv-u7b8
vulnerability_id VCID-bjxw-yvhv-u7b8
summary An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13357
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.35081
published_at 2026-04-24T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35217
published_at 2026-04-01T12:55:00Z
2
value 0.00148
scoring_system epss
scoring_elements 0.35417
published_at 2026-04-02T12:55:00Z
3
value 0.00148
scoring_system epss
scoring_elements 0.35441
published_at 2026-04-04T12:55:00Z
4
value 0.00148
scoring_system epss
scoring_elements 0.35324
published_at 2026-04-07T12:55:00Z
5
value 0.00148
scoring_system epss
scoring_elements 0.3537
published_at 2026-04-08T12:55:00Z
6
value 0.00148
scoring_system epss
scoring_elements 0.35396
published_at 2026-04-09T12:55:00Z
7
value 0.00148
scoring_system epss
scoring_elements 0.35398
published_at 2026-04-11T12:55:00Z
8
value 0.00148
scoring_system epss
scoring_elements 0.35361
published_at 2026-04-12T12:55:00Z
9
value 0.00148
scoring_system epss
scoring_elements 0.35339
published_at 2026-04-13T12:55:00Z
10
value 0.00148
scoring_system epss
scoring_elements 0.35379
published_at 2026-04-16T12:55:00Z
11
value 0.00148
scoring_system epss
scoring_elements 0.35367
published_at 2026-04-18T12:55:00Z
12
value 0.00148
scoring_system epss
scoring_elements 0.35315
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13357
1
reference_url https://security.archlinux.org/AVG-1333
reference_id AVG-1333
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1333
fixed_packages
0
url pkg:alpm/archlinux/gitlab@13.6.2-1
purl pkg:alpm/archlinux/gitlab@13.6.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1
aliases CVE-2020-13357
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjxw-yvhv-u7b8
4
url VCID-cj92-8xpy-mqdw
vulnerability_id VCID-cj92-8xpy-mqdw
summary A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26407
reference_id
reference_type
scores
0
value 0.0015
scoring_system epss
scoring_elements 0.35278
published_at 2026-04-24T12:55:00Z
1
value 0.0015
scoring_system epss
scoring_elements 0.35418
published_at 2026-04-01T12:55:00Z
2
value 0.0015
scoring_system epss
scoring_elements 0.35618
published_at 2026-04-02T12:55:00Z
3
value 0.0015
scoring_system epss
scoring_elements 0.35643
published_at 2026-04-04T12:55:00Z
4
value 0.0015
scoring_system epss
scoring_elements 0.35525
published_at 2026-04-07T12:55:00Z
5
value 0.0015
scoring_system epss
scoring_elements 0.35571
published_at 2026-04-08T12:55:00Z
6
value 0.0015
scoring_system epss
scoring_elements 0.35595
published_at 2026-04-09T12:55:00Z
7
value 0.0015
scoring_system epss
scoring_elements 0.35605
published_at 2026-04-11T12:55:00Z
8
value 0.0015
scoring_system epss
scoring_elements 0.35561
published_at 2026-04-12T12:55:00Z
9
value 0.0015
scoring_system epss
scoring_elements 0.35538
published_at 2026-04-13T12:55:00Z
10
value 0.0015
scoring_system epss
scoring_elements 0.35577
published_at 2026-04-16T12:55:00Z
11
value 0.0015
scoring_system epss
scoring_elements 0.35567
published_at 2026-04-18T12:55:00Z
12
value 0.0015
scoring_system epss
scoring_elements 0.35516
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26407
1
reference_url https://security.archlinux.org/AVG-1333
reference_id AVG-1333
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1333
fixed_packages
0
url pkg:alpm/archlinux/gitlab@13.6.2-1
purl pkg:alpm/archlinux/gitlab@13.6.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1
aliases CVE-2020-26407
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cj92-8xpy-mqdw
5
url VCID-m2hg-kn7f-fygz
vulnerability_id VCID-m2hg-kn7f-fygz
summary A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26408
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30631
published_at 2026-04-24T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30826
published_at 2026-04-01T12:55:00Z
2
value 0.00119
scoring_system epss
scoring_elements 0.30954
published_at 2026-04-02T12:55:00Z
3
value 0.00119
scoring_system epss
scoring_elements 0.31002
published_at 2026-04-04T12:55:00Z
4
value 0.00119
scoring_system epss
scoring_elements 0.30818
published_at 2026-04-07T12:55:00Z
5
value 0.00119
scoring_system epss
scoring_elements 0.30877
published_at 2026-04-08T12:55:00Z
6
value 0.00119
scoring_system epss
scoring_elements 0.30907
published_at 2026-04-09T12:55:00Z
7
value 0.00119
scoring_system epss
scoring_elements 0.3091
published_at 2026-04-11T12:55:00Z
8
value 0.00119
scoring_system epss
scoring_elements 0.30867
published_at 2026-04-12T12:55:00Z
9
value 0.00119
scoring_system epss
scoring_elements 0.30822
published_at 2026-04-13T12:55:00Z
10
value 0.00119
scoring_system epss
scoring_elements 0.30853
published_at 2026-04-16T12:55:00Z
11
value 0.00119
scoring_system epss
scoring_elements 0.30833
published_at 2026-04-18T12:55:00Z
12
value 0.00119
scoring_system epss
scoring_elements 0.30797
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26408
1
reference_url https://security.archlinux.org/AVG-1333
reference_id AVG-1333
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1333
fixed_packages
0
url pkg:alpm/archlinux/gitlab@13.6.2-1
purl pkg:alpm/archlinux/gitlab@13.6.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1
aliases CVE-2020-26408
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2hg-kn7f-fygz
6
url VCID-mz6d-zyzb-a3h6
vulnerability_id VCID-mz6d-zyzb-a3h6
summary A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26411
reference_id
reference_type
scores
0
value 0.00097
scoring_system epss
scoring_elements 0.26602
published_at 2026-04-24T12:55:00Z
1
value 0.00097
scoring_system epss
scoring_elements 0.26828
published_at 2026-04-01T12:55:00Z
2
value 0.00097
scoring_system epss
scoring_elements 0.26871
published_at 2026-04-02T12:55:00Z
3
value 0.00097
scoring_system epss
scoring_elements 0.26911
published_at 2026-04-04T12:55:00Z
4
value 0.00097
scoring_system epss
scoring_elements 0.26697
published_at 2026-04-07T12:55:00Z
5
value 0.00097
scoring_system epss
scoring_elements 0.26765
published_at 2026-04-08T12:55:00Z
6
value 0.00097
scoring_system epss
scoring_elements 0.26815
published_at 2026-04-09T12:55:00Z
7
value 0.00097
scoring_system epss
scoring_elements 0.26818
published_at 2026-04-11T12:55:00Z
8
value 0.00097
scoring_system epss
scoring_elements 0.26773
published_at 2026-04-12T12:55:00Z
9
value 0.00097
scoring_system epss
scoring_elements 0.26717
published_at 2026-04-13T12:55:00Z
10
value 0.00097
scoring_system epss
scoring_elements 0.26724
published_at 2026-04-16T12:55:00Z
11
value 0.00097
scoring_system epss
scoring_elements 0.26696
published_at 2026-04-18T12:55:00Z
12
value 0.00097
scoring_system epss
scoring_elements 0.2666
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26411
1
reference_url https://security.archlinux.org/AVG-1333
reference_id AVG-1333
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1333
fixed_packages
0
url pkg:alpm/archlinux/gitlab@13.6.2-1
purl pkg:alpm/archlinux/gitlab@13.6.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1
aliases CVE-2020-26411
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mz6d-zyzb-a3h6
7
url VCID-pg7c-w5h8-2fbk
vulnerability_id VCID-pg7c-w5h8-2fbk
summary A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26409
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37826
published_at 2026-04-24T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.37989
published_at 2026-04-01T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.3817
published_at 2026-04-02T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.38193
published_at 2026-04-04T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.38063
published_at 2026-04-07T12:55:00Z
5
value 0.00169
scoring_system epss
scoring_elements 0.38113
published_at 2026-04-08T12:55:00Z
6
value 0.00169
scoring_system epss
scoring_elements 0.38122
published_at 2026-04-09T12:55:00Z
7
value 0.00169
scoring_system epss
scoring_elements 0.3814
published_at 2026-04-11T12:55:00Z
8
value 0.00169
scoring_system epss
scoring_elements 0.38103
published_at 2026-04-12T12:55:00Z
9
value 0.00169
scoring_system epss
scoring_elements 0.38079
published_at 2026-04-13T12:55:00Z
10
value 0.00169
scoring_system epss
scoring_elements 0.38125
published_at 2026-04-16T12:55:00Z
11
value 0.00169
scoring_system epss
scoring_elements 0.38105
published_at 2026-04-18T12:55:00Z
12
value 0.00169
scoring_system epss
scoring_elements 0.38041
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26409
1
reference_url https://security.archlinux.org/AVG-1333
reference_id AVG-1333
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1333
fixed_packages
0
url pkg:alpm/archlinux/gitlab@13.6.2-1
purl pkg:alpm/archlinux/gitlab@13.6.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1
aliases CVE-2020-26409
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pg7c-w5h8-2fbk
8
url VCID-rafm-7u81-2qhy
vulnerability_id VCID-rafm-7u81-2qhy
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26413
reference_id
reference_type
scores
0
value 0.82145
scoring_system epss
scoring_elements 0.99218
published_at 2026-04-24T12:55:00Z
1
value 0.82145
scoring_system epss
scoring_elements 0.99215
published_at 2026-04-12T12:55:00Z
2
value 0.82145
scoring_system epss
scoring_elements 0.99213
published_at 2026-04-13T12:55:00Z
3
value 0.82145
scoring_system epss
scoring_elements 0.99214
published_at 2026-04-16T12:55:00Z
4
value 0.82145
scoring_system epss
scoring_elements 0.99216
published_at 2026-04-21T12:55:00Z
5
value 0.85659
scoring_system epss
scoring_elements 0.99374
published_at 2026-04-11T12:55:00Z
6
value 0.88741
scoring_system epss
scoring_elements 0.99507
published_at 2026-04-02T12:55:00Z
7
value 0.88741
scoring_system epss
scoring_elements 0.99509
published_at 2026-04-07T12:55:00Z
8
value 0.88741
scoring_system epss
scoring_elements 0.99511
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26413
1
reference_url https://security.archlinux.org/AVG-1333
reference_id AVG-1333
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1333
fixed_packages
0
url pkg:alpm/archlinux/gitlab@13.6.2-1
purl pkg:alpm/archlinux/gitlab@13.6.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1
aliases CVE-2020-26413
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rafm-7u81-2qhy
9
url VCID-uux8-mqnn-dye4
vulnerability_id VCID-uux8-mqnn-dye4
summary Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26415
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.3672
published_at 2026-04-24T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36933
published_at 2026-04-01T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.37103
published_at 2026-04-02T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.37136
published_at 2026-04-04T12:55:00Z
4
value 0.00161
scoring_system epss
scoring_elements 0.36964
published_at 2026-04-07T12:55:00Z
5
value 0.00161
scoring_system epss
scoring_elements 0.37015
published_at 2026-04-08T12:55:00Z
6
value 0.00161
scoring_system epss
scoring_elements 0.37028
published_at 2026-04-09T12:55:00Z
7
value 0.00161
scoring_system epss
scoring_elements 0.37038
published_at 2026-04-11T12:55:00Z
8
value 0.00161
scoring_system epss
scoring_elements 0.37003
published_at 2026-04-12T12:55:00Z
9
value 0.00161
scoring_system epss
scoring_elements 0.36977
published_at 2026-04-13T12:55:00Z
10
value 0.00161
scoring_system epss
scoring_elements 0.37022
published_at 2026-04-16T12:55:00Z
11
value 0.00161
scoring_system epss
scoring_elements 0.37005
published_at 2026-04-18T12:55:00Z
12
value 0.00161
scoring_system epss
scoring_elements 0.36945
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26415
1
reference_url https://security.archlinux.org/AVG-1333
reference_id AVG-1333
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1333
fixed_packages
0
url pkg:alpm/archlinux/gitlab@13.6.2-1
purl pkg:alpm/archlinux/gitlab@13.6.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1
aliases CVE-2020-26415
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uux8-mqnn-dye4
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1