Package Instance

reference_id

AVG-794

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2020-6832

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-18648

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-237a-hwkp-47ep

url VCID-24up-1zdt-pkba

vulnerability_id VCID-24up-1zdt-pkba

summary An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.

references

reference_url

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22526
published_at	2026-04-01T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22698
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22743
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22531
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22662
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2268
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22639
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22583
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22598
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22594
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22544
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22393
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-6832

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-6832

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-24up-1zdt-pkba

url VCID-25a9-xgvg-yyet

vulnerability_id VCID-25a9-xgvg-yyet

summary An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3351

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.49008
published_at	2026-04-24T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49033
published_at	2026-04-11T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49006
published_at	2026-04-12T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49057
published_at	2026-04-16T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49053
published_at	2026-04-18T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49022
published_at	2026-04-21T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48985
published_at	2026-04-02T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49012
published_at	2026-04-13T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48966
published_at	2026-04-07T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4902
published_at	2026-04-08T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49016
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3351

reference_url

https://hackerone.com/reports/1446022

reference_id

1446022

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:22:29Z/

url

https://hackerone.com/reports/1446022

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/364266

reference_id

364266

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:22:29Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/364266

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3351.json

reference_id

CVE-2022-3351.json

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:22:29Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3351.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-3351

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-25a9-xgvg-yyet

url VCID-29g5-5v96-hbd1

vulnerability_id VCID-29g5-5v96-hbd1

summary

references

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-6396

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29g5-5v96-hbd1

url VCID-29tz-5t7b-8ber

vulnerability_id VCID-29tz-5t7b-8ber

summary A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15586

reference_id

reference_type

scores

value	0.00143
scoring_system	epss
scoring_elements	0.34469
published_at	2026-04-01T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34688
published_at	2026-04-02T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34714
published_at	2026-04-04T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34584
published_at	2026-04-07T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34627
published_at	2026-04-08T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34656
published_at	2026-04-09T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34658
published_at	2026-04-11T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34619
published_at	2026-04-12T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34596
published_at	2026-04-13T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34634
published_at	2026-04-16T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.3462
published_at	2026-04-18T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34581
published_at	2026-04-21T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34344
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15586

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-15586

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29tz-5t7b-8ber

url VCID-2c2h-bx69-sycp

vulnerability_id VCID-2c2h-bx69-sycp

summary In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39889

reference_id

reference_type

scores

value	0.00245
scoring_system	epss
scoring_elements	0.4777
published_at	2026-04-24T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47719
published_at	2026-04-01T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47757
published_at	2026-04-02T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47777
published_at	2026-04-12T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47726
published_at	2026-04-07T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.4778
published_at	2026-04-08T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47776
published_at	2026-04-09T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47801
published_at	2026-04-11T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47787
published_at	2026-04-21T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47842
published_at	2026-04-16T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47834
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39889

reference_url

reference_id

AVG-2432

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19628

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-39889

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c2h-bx69-sycp

url VCID-2g7c-p1aj-kkh7

vulnerability_id VCID-2g7c-p1aj-kkh7

summary In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.

references

reference_url

reference_id

reference_type

scores

value	0.02119
scoring_system	epss
scoring_elements	0.84066
published_at	2026-04-01T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84079
published_at	2026-04-02T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84096
published_at	2026-04-04T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84098
published_at	2026-04-07T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84121
published_at	2026-04-08T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84127
published_at	2026-04-09T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84145
published_at	2026-04-11T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84139
published_at	2026-04-12T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84135
published_at	2026-04-13T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84157
published_at	2026-04-16T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84159
published_at	2026-04-18T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84163
published_at	2026-04-21T12:55:00Z

value	0.02119
scoring_system	epss
scoring_elements	0.84188
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19628

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19628

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2g7c-p1aj-kkh7

url VCID-2gde-r64m-w3hn

vulnerability_id VCID-2gde-r64m-w3hn

summary GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19261

reference_id

reference_type

scores

value	0.00108
scoring_system	epss
scoring_elements	0.2902
published_at	2026-04-01T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29098
published_at	2026-04-02T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29149
published_at	2026-04-04T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28959
published_at	2026-04-07T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29024
published_at	2026-04-08T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29066
published_at	2026-04-09T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29071
published_at	2026-04-11T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29027
published_at	2026-04-12T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28977
published_at	2026-04-13T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29
published_at	2026-04-16T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28979
published_at	2026-04-18T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28934
published_at	2026-04-21T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28813
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19261

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19261

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gde-r64m-w3hn

url VCID-2mrs-2r3z-9qew

vulnerability_id VCID-2mrs-2r3z-9qew

summary In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39888

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.48873
published_at	2026-04-24T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48813
published_at	2026-04-01T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.4885
published_at	2026-04-02T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48876
published_at	2026-04-04T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.4883
published_at	2026-04-07T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48884
published_at	2026-04-08T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48881
published_at	2026-04-09T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48897
published_at	2026-04-11T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48872
published_at	2026-04-12T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.4888
published_at	2026-04-13T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48928
published_at	2026-04-16T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48924
published_at	2026-04-18T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48885
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39888

reference_url

reference_id

AVG-2432

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10088

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-39888

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mrs-2r3z-9qew

url VCID-2pnc-rr5x-fka2

vulnerability_id VCID-2pnc-rr5x-fka2

summary GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level.

references

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

reference_url

reference_id

reference_type

scores

value	0.00049
scoring_system	epss
scoring_elements	0.1517
published_at	2026-04-24T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.1513
published_at	2026-04-21T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.1524
published_at	2026-04-01T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15278
published_at	2026-04-02T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15346
published_at	2026-04-04T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15149
published_at	2026-04-07T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15238
published_at	2026-04-08T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15289
published_at	2026-04-09T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15259
published_at	2026-04-11T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15221
published_at	2026-04-12T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15157
published_at	2026-04-13T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15071
published_at	2026-04-16T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15081
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10088

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10088

reference_id

CVE-2020-10088

reference_type

scores

value	5.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10088

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10088

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2pnc-rr5x-fka2

url VCID-318m-fdm8-nkeh

vulnerability_id VCID-318m-fdm8-nkeh

summary GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.

references

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10076

reference_id

reference_type

scores

value	0.001
scoring_system	epss
scoring_elements	0.27627
published_at	2026-04-24T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27679
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27836
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27887
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27928
published_at	2026-04-04T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27721
published_at	2026-04-07T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27789
published_at	2026-04-08T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27831
published_at	2026-04-09T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27795
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27738
published_at	2026-04-13T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27744
published_at	2026-04-16T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27719
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10076

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10076

reference_id

CVE-2020-10076

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10076

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10076

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-318m-fdm8-nkeh

url VCID-3b26-2ytc-a7h4

vulnerability_id VCID-3b26-2ytc-a7h4

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-5377

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02106
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-5377

reference_url

https://hackerone.com/reports/3640688

reference_id

3640688

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:07Z/

url

https://hackerone.com/reports/3640688

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/595553

reference_id

595553

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:07Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/595553

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/

reference_id

patch-release-gitlab-18-11-1-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:07Z/

url

https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-5377

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3b26-2ytc-a7h4

url VCID-3csv-u81e-s7ag

vulnerability_id VCID-3csv-u81e-s7ag

summary An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0805

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18353
published_at	2026-04-24T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18523
published_at	2026-04-12T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18473
published_at	2026-04-13T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18416
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1843
published_at	2026-04-18T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18451
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18667
published_at	2026-04-02T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18721
published_at	2026-04-04T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18435
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18515
published_at	2026-04-08T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18568
published_at	2026-04-09T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1857
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0805

reference_url

https://hackerone.com/reports/1850046

reference_id

1850046

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:33:35Z/

url

https://hackerone.com/reports/1850046

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/391433

reference_id

391433

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:33:35Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/391433

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json

reference_id

CVE-2023-0805.json

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:33:35Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-0805

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3csv-u81e-s7ag

url VCID-3gs4-gqmg-xka1

vulnerability_id VCID-3gs4-gqmg-xka1

summary An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10858

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24794
published_at	2026-04-02T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24652
published_at	2026-04-16T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24644
published_at	2026-04-18T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24621
published_at	2026-04-21T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24833
published_at	2026-04-04T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24607
published_at	2026-04-07T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24676
published_at	2026-04-08T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24724
published_at	2026-04-09T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24737
published_at	2026-04-11T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24696
published_at	2026-04-12T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24639
published_at	2026-04-13T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25612
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10858

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/570034

reference_id

570034

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-26T15:32:43Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/570034

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-10858

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gs4-gqmg-xka1

url VCID-3h6k-pxpz-ufae

vulnerability_id VCID-3h6k-pxpz-ufae

summary GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6945

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05924
published_at	2026-04-24T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05895
published_at	2026-04-21T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0575
published_at	2026-04-18T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05742
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06021
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06004
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06012
published_at	2026-04-12T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17595
published_at	2026-04-08T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17779
published_at	2026-04-04T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17507
published_at	2026-04-07T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17732
published_at	2026-04-02T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17657
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6945

reference_url

https://hackerone.com/reports/3173458

reference_id

3173458

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-17T20:15:58Z/

url

https://hackerone.com/reports/3173458

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/552611

reference_id

552611

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-17T20:15:58Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/552611

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/

reference_id

patch-release-gitlab-18-5-2-released

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-17T20:15:58Z/

url

https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-6945

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3h6k-pxpz-ufae

url VCID-3kc4-wkcr-fyen

vulnerability_id VCID-3kc4-wkcr-fyen

summary An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12430

reference_id

reference_type

scores

value	0.03738
scoring_system	epss
scoring_elements	0.8795
published_at	2026-04-01T12:55:00Z

value	0.03738
scoring_system	epss
scoring_elements	0.8796
published_at	2026-04-02T12:55:00Z

value	0.03738
scoring_system	epss
scoring_elements	0.87974
published_at	2026-04-04T12:55:00Z

value	0.03738
scoring_system	epss
scoring_elements	0.87978
published_at	2026-04-07T12:55:00Z

value	0.03738
scoring_system	epss
scoring_elements	0.87998
published_at	2026-04-08T12:55:00Z

value	0.03738
scoring_system	epss
scoring_elements	0.88005
published_at	2026-04-09T12:55:00Z

value	0.03738
scoring_system	epss
scoring_elements	0.88015
published_at	2026-04-11T12:55:00Z

value	0.03738
scoring_system	epss
scoring_elements	0.88008
published_at	2026-04-13T12:55:00Z

value	0.03738
scoring_system	epss
scoring_elements	0.88022
published_at	2026-04-16T12:55:00Z

value	0.03738
scoring_system	epss
scoring_elements	0.88021
published_at	2026-04-21T12:55:00Z

value	0.03738
scoring_system	epss
scoring_elements	0.88038
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12430

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-12430

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kc4-wkcr-fyen

url VCID-3mdj-vvxm-c7ce

vulnerability_id VCID-3mdj-vvxm-c7ce

summary GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11702

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01158
published_at	2026-04-04T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01151
published_at	2026-04-02T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01168
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01814
published_at	2026-04-24T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01722
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01711
published_at	2026-04-16T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01712
published_at	2026-04-18T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01803
published_at	2026-04-21T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01741
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01749
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01734
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01724
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11702

reference_url

https://hackerone.com/reports/3356284

reference_id

3356284

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:02Z/

url

https://hackerone.com/reports/3356284

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/576900

reference_id

576900

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:02Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/576900

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

reference_id

patch-release-gitlab-18-5-1-released

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:02Z/

url

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-11702

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3mdj-vvxm-c7ce

url VCID-3mj7-6ytn-v3au

vulnerability_id VCID-3mj7-6ytn-v3au

summary Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-6323

reference_id

reference_type

scores

value	0.00067
scoring_system	epss
scoring_elements	0.20584
published_at	2026-04-24T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.2071
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20697
published_at	2026-04-21T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20888
published_at	2026-04-02T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20948
published_at	2026-04-04T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20662
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20738
published_at	2026-04-08T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20799
published_at	2026-04-09T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20818
published_at	2026-04-11T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20775
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20723
published_at	2026-04-13T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20713
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-6323

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/457912

reference_id

457912

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-02T15:49:24Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/457912

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-6323

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3mj7-6ytn-v3au

url VCID-3sq5-5xuv-6ydz

vulnerability_id VCID-3sq5-5xuv-6ydz

summary An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4343

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11694
published_at	2026-04-24T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11611
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1161
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11733
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11834
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11876
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11663
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11747
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.118
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11811
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11772
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4343

reference_url

https://hackerone.com/reports/1767797

reference_id

1767797

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:26:51Z/

url

https://hackerone.com/reports/1767797

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/385124

reference_id

385124

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:26:51Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/385124

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-4343

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sq5-5xuv-6ydz

url VCID-3tce-4yu6-k3cc

vulnerability_id VCID-3tce-4yu6-k3cc

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security configuration due to improper access control

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14595

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02835
published_at	2026-04-24T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02719
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02731
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02843
published_at	2026-04-21T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02743
published_at	2026-04-02T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02759
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02765
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02768
published_at	2026-04-08T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02787
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02757
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0274
published_at	2026-04-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02736
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14595

reference_url

https://hackerone.com/reports/3457779

reference_id

3457779

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:58:30Z/

url

https://hackerone.com/reports/3457779

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/583971

reference_id

583971

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:58:30Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/583971

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

reference_id

patch-release-gitlab-18-10-1-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:58:30Z/

url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-14595

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tce-4yu6-k3cc

url VCID-3tzg-w2p4-byd1

vulnerability_id VCID-3tzg-w2p4-byd1

summary An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6564

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07302
published_at	2026-04-24T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07345
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07215
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0726
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07239
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07294
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0732
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07316
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07303
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07224
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07219
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6564

reference_url

https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213

reference_id

17213

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:46:07Z/

url

https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-6564

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tzg-w2p4-byd1

url VCID-3tzx-frpw-1ff4

vulnerability_id VCID-3tzx-frpw-1ff4

summary An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's project.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5069

reference_id

reference_type

scores

value	8e-05
scoring_system	epss
scoring_elements	0.00716
published_at	2026-04-02T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00699
published_at	2026-04-12T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00698
published_at	2026-04-13T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00696
published_at	2026-04-16T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00701
published_at	2026-04-18T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00743
published_at	2026-04-21T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00712
published_at	2026-04-04T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00717
published_at	2026-04-07T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00715
published_at	2026-04-08T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00706
published_at	2026-04-09T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00705
published_at	2026-04-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00906
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5069

reference_url

https://hackerone.com/reports/3019236

reference_id

3019236

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T13:11:58Z/

url

https://hackerone.com/reports/3019236

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/544926

reference_id

544926

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T13:11:58Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/544926

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-5069

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tzx-frpw-1ff4

url VCID-3ugm-9xb8-auep

vulnerability_id VCID-3ugm-9xb8-auep

summary GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15594

reference_id

reference_type

scores

value	0.00339
scoring_system	epss
scoring_elements	0.56582
published_at	2026-04-01T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.56679
published_at	2026-04-02T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.567
published_at	2026-04-21T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.56678
published_at	2026-04-07T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.5673
published_at	2026-04-08T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.56734
published_at	2026-04-09T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.56742
published_at	2026-04-11T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.56718
published_at	2026-04-12T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.56697
published_at	2026-04-13T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.56728
published_at	2026-04-16T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.56726
published_at	2026-04-18T12:55:00Z

value	0.00339
scoring_system	epss
scoring_elements	0.56638
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15594

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-15594

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugm-9xb8-auep

url VCID-3v4x-dgv8-3fbk

vulnerability_id VCID-3v4x-dgv8-3fbk

summary GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7978

reference_id

reference_type

scores

value	0.00141
scoring_system	epss
scoring_elements	0.34101
published_at	2026-04-01T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34441
published_at	2026-04-02T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34469
published_at	2026-04-04T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34336
published_at	2026-04-07T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34379
published_at	2026-04-08T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34408
published_at	2026-04-09T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.3441
published_at	2026-04-11T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34371
published_at	2026-04-12T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34347
published_at	2026-04-13T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34381
published_at	2026-04-16T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34368
published_at	2026-04-18T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34327
published_at	2026-04-21T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.33955
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7978

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-7978

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3v4x-dgv8-3fbk

url VCID-3xbq-u1r1-8ucx

vulnerability_id VCID-3xbq-u1r1-8ucx

summary An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1825

reference_id

reference_type

scores

value	0.00303
scoring_system	epss
scoring_elements	0.53623
published_at	2026-04-24T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53653
published_at	2026-04-12T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53636
published_at	2026-04-13T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53673
published_at	2026-04-16T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53678
published_at	2026-04-18T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53661
published_at	2026-04-21T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53607
published_at	2026-04-04T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53576
published_at	2026-04-07T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53626
published_at	2026-04-08T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53622
published_at	2026-04-09T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53671
published_at	2026-04-11T12:55:00Z

value	0.00357
scoring_system	epss
scoring_elements	0.57967
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1825

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/384035

reference_id

384035

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:56:35Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/384035

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1825.json

reference_id

CVE-2023-1825.json

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:56:35Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1825.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-1825

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xbq-u1r1-8ucx

url VCID-3xq1-rm4q-r3aa

vulnerability_id VCID-3xq1-rm4q-r3aa

summary An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-9596

reference_id

reference_type

scores

value	0.00131
scoring_system	epss
scoring_elements	0.32375
published_at	2026-04-24T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32567
published_at	2026-04-18T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32535
published_at	2026-04-21T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32685
published_at	2026-04-02T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.3272
published_at	2026-04-04T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.3254
published_at	2026-04-07T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32588
published_at	2026-04-08T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32614
published_at	2026-04-09T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32616
published_at	2026-04-11T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32577
published_at	2026-04-12T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32551
published_at	2026-04-13T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32589
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-9596

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/493355

reference_id

493355

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:54:54Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/493355

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-9596

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xq1-rm4q-r3aa

url VCID-48bc-4shc-9yax

vulnerability_id VCID-48bc-4shc-9yax

summary A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22259

reference_id

reference_type

scores

value	0.00282
scoring_system	epss
scoring_elements	0.51588
published_at	2026-04-24T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51506
published_at	2026-04-01T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51558
published_at	2026-04-02T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51585
published_at	2026-04-04T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51546
published_at	2026-04-07T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.516
published_at	2026-04-08T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51597
published_at	2026-04-09T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51646
published_at	2026-04-11T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51625
published_at	2026-04-12T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51609
published_at	2026-04-13T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.5165
published_at	2026-04-16T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51657
published_at	2026-04-18T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51636
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22259

reference_url

reference_id

AVG-2432

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6793

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22259

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48bc-4shc-9yax

url VCID-48fk-q4qh-pkcz

vulnerability_id VCID-48fk-q4qh-pkcz

summary An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.

references

reference_url	https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/

reference_url

reference_id

reference_type

scores

value	0.05289
scoring_system	epss
scoring_elements	0.90042
published_at	2026-04-24T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.90025
published_at	2026-04-21T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.89969
published_at	2026-04-01T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.89971
published_at	2026-04-02T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.89984
published_at	2026-04-04T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.89989
published_at	2026-04-07T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.90005
published_at	2026-04-08T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.90011
published_at	2026-04-13T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.90019
published_at	2026-04-11T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.90017
published_at	2026-04-12T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.90027
published_at	2026-04-16T12:55:00Z

value	0.05289
scoring_system	epss
scoring_elements	0.90028
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6793

reference_url	https://gitlab.com/gitlab-org/gitlab-ce/issues/50748
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ce/issues/50748

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6793

reference_id

CVE-2019-6793

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6793

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-6793

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48fk-q4qh-pkcz

url VCID-49ze-sajt-pqhj

vulnerability_id VCID-49ze-sajt-pqhj

summary An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22169

reference_id

reference_type

scores

value	0.002
scoring_system	epss
scoring_elements	0.42008
published_at	2026-04-24T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42062
published_at	2026-04-01T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42123
published_at	2026-04-02T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42151
published_at	2026-04-04T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42088
published_at	2026-04-07T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42139
published_at	2026-04-08T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.4215
published_at	2026-04-09T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42172
published_at	2026-04-11T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42135
published_at	2026-04-12T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42111
published_at	2026-04-13T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42162
published_at	2026-04-16T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42136
published_at	2026-04-18T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42066
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22169

reference_url

https://security.archlinux.org/AVG-1522

reference_id

AVG-1522

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1522

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22169

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49ze-sajt-pqhj

url VCID-4hy7-yhb6-dqeq

vulnerability_id VCID-4hy7-yhb6-dqeq

summary An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20143

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22447
published_at	2026-04-01T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2262
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22663
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22452
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22533
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22588
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22603
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22562
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22508
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22523
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22518
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22468
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22312
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20143

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-20143

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hy7-yhb6-dqeq

url VCID-4nq8-46us-fqdx

vulnerability_id VCID-4nq8-46us-fqdx

summary GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18643

reference_id

reference_type

scores

value	0.00096
scoring_system	epss
scoring_elements	0.26518
published_at	2026-04-24T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26746
published_at	2026-04-01T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26792
published_at	2026-04-02T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26832
published_at	2026-04-04T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26616
published_at	2026-04-07T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26683
published_at	2026-04-08T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26733
published_at	2026-04-09T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26737
published_at	2026-04-11T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26693
published_at	2026-04-12T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26636
published_at	2026-04-13T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26643
published_at	2026-04-16T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26615
published_at	2026-04-18T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26576
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18643

reference_url	https://security.archlinux.org/ASA-201810-16
reference_id	ASA-201810-16
reference_type
scores
url	https://security.archlinux.org/ASA-201810-16

reference_url

reference_id

AVG-794

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7969

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-18643

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4nq8-46us-fqdx

url VCID-4ta4-kfy3-akhe

vulnerability_id VCID-4ta4-kfy3-akhe

summary GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.

references

reference_url

reference_id

reference_type

scores

value	0.00077
scoring_system	epss
scoring_elements	0.22898
published_at	2026-04-01T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23068
published_at	2026-04-02T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23113
published_at	2026-04-04T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22904
published_at	2026-04-07T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22976
published_at	2026-04-08T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23029
published_at	2026-04-09T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23048
published_at	2026-04-11T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23011
published_at	2026-04-12T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22956
published_at	2026-04-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22971
published_at	2026-04-16T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22964
published_at	2026-04-18T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22928
published_at	2026-04-21T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22758
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7969

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-7969

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ta4-kfy3-akhe

url VCID-4thp-7bpj-aug4

vulnerability_id VCID-4thp-7bpj-aug4

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-6515

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.0173
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-6515

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/595993

reference_id

595993

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:50:48Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/595993

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/

reference_id

patch-release-gitlab-18-11-1-released

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:50:48Z/

url

https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-6515

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4thp-7bpj-aug4

url VCID-4vm6-67ra-6fct

vulnerability_id VCID-4vm6-67ra-6fct

summary Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26416

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.12896
published_at	2026-04-24T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12921
published_at	2026-04-01T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13012
published_at	2026-04-02T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13063
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12862
published_at	2026-04-07T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.1294
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12991
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12951
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12916
published_at	2026-04-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12871
published_at	2026-04-13T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12773
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12777
published_at	2026-04-18T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12875
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26416

reference_url

reference_id

AVG-1347

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4002

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-26416

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4vm6-67ra-6fct

url VCID-4wbe-6aps-vbb5

vulnerability_id VCID-4wbe-6aps-vbb5

summary An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies.

references

reference_url

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.1847
published_at	2026-04-24T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18575
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18789
published_at	2026-04-02T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18842
published_at	2026-04-04T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18561
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1864
published_at	2026-04-08T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18695
published_at	2026-04-09T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.187
published_at	2026-04-11T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18652
published_at	2026-04-12T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.186
published_at	2026-04-13T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18546
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18555
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4002

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/416647

reference_id

416647

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T15:43:20Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/416647

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-4002

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4wbe-6aps-vbb5

url VCID-53q6-5862-v7gn

vulnerability_id VCID-53q6-5862-v7gn

summary An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5487

reference_id

reference_type

scores

value	0.00347
scoring_system	epss
scoring_elements	0.57207
published_at	2026-04-01T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57288
published_at	2026-04-02T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57311
published_at	2026-04-04T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57287
published_at	2026-04-07T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57339
published_at	2026-04-08T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57341
published_at	2026-04-09T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57355
published_at	2026-04-11T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57336
published_at	2026-04-12T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57315
published_at	2026-04-13T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57342
published_at	2026-04-16T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57337
published_at	2026-04-18T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57316
published_at	2026-04-21T12:55:00Z

value	0.00347
scoring_system	epss
scoring_elements	0.57273
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5487

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-5487

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53q6-5862-v7gn

url VCID-53qj-x6qr-5bez

vulnerability_id VCID-53qj-x6qr-5bez

summary GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19578

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25972
published_at	2026-04-01T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26055
published_at	2026-04-02T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26097
published_at	2026-04-04T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25863
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25933
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25985
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25995
published_at	2026-04-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25951
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25891
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25894
published_at	2026-04-16T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25876
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25845
published_at	2026-04-21T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25781
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19578

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-19578

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53qj-x6qr-5bez

url VCID-55vs-4nhw-vubr

vulnerability_id VCID-55vs-4nhw-vubr

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11974

reference_id

reference_type

scores

value	0.00057
scoring_system	epss
scoring_elements	0.18075
published_at	2026-04-04T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18021
published_at	2026-04-02T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20698
published_at	2026-04-24T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20836
published_at	2026-04-18T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20818
published_at	2026-04-21T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20791
published_at	2026-04-07T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20871
published_at	2026-04-08T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20932
published_at	2026-04-09T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20949
published_at	2026-04-11T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20905
published_at	2026-04-12T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20853
published_at	2026-04-13T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20844
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11974

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/571761

reference_id

571761

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:59:43Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/571761

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

reference_id

patch-release-gitlab-18-5-1-released

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:59:43Z/

url

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-11974

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55vs-4nhw-vubr

url VCID-56wd-rh4g-b3hg

vulnerability_id VCID-56wd-rh4g-b3hg

summary An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0765

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.04055
published_at	2026-04-04T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04036
published_at	2026-04-02T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04075
published_at	2026-04-08T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.0407
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06403
published_at	2026-04-24T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06119
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0608
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06092
published_at	2026-04-18T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06389
published_at	2026-04-21T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06139
published_at	2026-04-09T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0613
published_at	2026-04-11T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06126
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0765

reference_url

https://hackerone.com/reports/2956315

reference_id

2956315

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T13:09:53Z/

url

https://hackerone.com/reports/2956315

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/515381

reference_id

515381

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T13:09:53Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/515381

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-0765

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56wd-rh4g-b3hg

url VCID-58kh-kcb1-jbhy

vulnerability_id VCID-58kh-kcb1-jbhy

summary An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3904

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06094
published_at	2026-04-02T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06123
published_at	2026-04-04T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06108
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0615
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06187
published_at	2026-04-09T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06179
published_at	2026-04-11T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06175
published_at	2026-04-12T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06166
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06125
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06136
published_at	2026-04-18T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06289
published_at	2026-04-21T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06306
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3904

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3904

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58kh-kcb1-jbhy

url VCID-59hw-hc3p-mfb3

vulnerability_id VCID-59hw-hc3p-mfb3

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14594

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02593
published_at	2026-04-02T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02635
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02614
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02601
published_at	2026-04-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02599
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02582
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0259
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02607
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02611
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02615
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.038
published_at	2026-04-24T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03794
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14594

reference_url

https://hackerone.com/reports/3457591

reference_id

3457591

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:08Z/

url

https://hackerone.com/reports/3457591

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/583967

reference_id

583967

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:08Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/583967

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:08Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-14594

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-59hw-hc3p-mfb3

url VCID-5d64-9dru-b7hx

vulnerability_id VCID-5d64-9dru-b7hx

summary An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5995

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.12008
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.12052
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11854
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11937
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11989
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11998
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11961
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11934
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11805
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11802
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11921
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11891
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5995

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-5995

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5d64-9dru-b7hx

url VCID-5jah-h98s-j3fz

vulnerability_id VCID-5jah-h98s-j3fz

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1101

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04721
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04715
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04697
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0468
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05923
published_at	2026-04-18T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06075
published_at	2026-04-21T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06098
published_at	2026-04-24T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05912
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1101

reference_url

https://hackerone.com/reports/3460228

reference_id

3460228

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:40:51Z/

url

https://hackerone.com/reports/3460228

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/586488

reference_id

586488

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:40:51Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/586488

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

reference_id

patch-release-gitlab-18-10-3-released

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:40:51Z/

url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1101

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jah-h98s-j3fz

url VCID-5mst-deb6-u7ea

vulnerability_id VCID-5mst-deb6-u7ea

summary The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4583

reference_id

reference_type

scores

value	0.00301
scoring_system	epss
scoring_elements	0.53366
published_at	2026-04-01T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53389
published_at	2026-04-02T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53415
published_at	2026-04-04T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53384
published_at	2026-04-07T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53436
published_at	2026-04-08T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53432
published_at	2026-04-09T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53481
published_at	2026-04-11T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53464
published_at	2026-04-12T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53448
published_at	2026-04-13T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53485
published_at	2026-04-16T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.5349
published_at	2026-04-18T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53471
published_at	2026-04-21T12:55:00Z

value	0.00301
scoring_system	epss
scoring_elements	0.53442
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4583

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2013-4583

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5mst-deb6-u7ea

url VCID-5t22-tj15-k7e2

vulnerability_id VCID-5t22-tj15-k7e2

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-5816

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02261
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-5816

reference_url

https://hackerone.com/reports/3572231

reference_id

3572231

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T17:51:35Z/

url

https://hackerone.com/reports/3572231

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/592816

reference_id

592816

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T17:51:35Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/592816

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/

reference_id

patch-release-gitlab-18-11-1-released

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T17:51:35Z/

url

https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-5816

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5t22-tj15-k7e2

url VCID-5wbt-x41a-e7bs

vulnerability_id VCID-5wbt-x41a-e7bs

summary An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22166

reference_id

reference_type

scores

value	0.0015
scoring_system	epss
scoring_elements	0.35307
published_at	2026-04-24T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35449
published_at	2026-04-01T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35648
published_at	2026-04-02T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35673
published_at	2026-04-04T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35554
published_at	2026-04-07T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35599
published_at	2026-04-08T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35623
published_at	2026-04-09T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35633
published_at	2026-04-11T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35588
published_at	2026-04-12T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35566
published_at	2026-04-13T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35605
published_at	2026-04-16T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35594
published_at	2026-04-18T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35546
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22166

reference_url	https://security.archlinux.org/ASA-202101-10
reference_id	ASA-202101-10
reference_type
scores
url	https://security.archlinux.org/ASA-202101-10

reference_url

https://security.archlinux.org/AVG-1416

reference_id

AVG-1416

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1416

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22166

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5wbt-x41a-e7bs

url VCID-5yph-sn9e-77cm

vulnerability_id VCID-5yph-sn9e-77cm

summary GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.

references

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10082

reference_id

reference_type

scores

value	0.00114
scoring_system	epss
scoring_elements	0.29808
published_at	2026-04-24T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29883
published_at	2026-04-21T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.3003
published_at	2026-04-01T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30067
published_at	2026-04-02T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30114
published_at	2026-04-04T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29927
published_at	2026-04-07T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29989
published_at	2026-04-08T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30023
published_at	2026-04-09T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30029
published_at	2026-04-11T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29984
published_at	2026-04-12T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29935
published_at	2026-04-13T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29951
published_at	2026-04-16T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29931
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10082

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10082

reference_id

CVE-2020-10082

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10082

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10082

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5yph-sn9e-77cm

url VCID-61tr-7wfd-2yf4

vulnerability_id VCID-61tr-7wfd-2yf4

summary An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0673

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.04105
published_at	2026-04-04T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04085
published_at	2026-04-02T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04119
published_at	2026-04-07T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14689
published_at	2026-04-24T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14695
published_at	2026-04-13T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.1459
published_at	2026-04-16T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14596
published_at	2026-04-18T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14657
published_at	2026-04-21T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14769
published_at	2026-04-08T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.1483
published_at	2026-04-09T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14789
published_at	2026-04-11T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14751
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0673

reference_url

https://hackerone.com/reports/2936949

reference_id

2936949

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:44Z/

url

https://hackerone.com/reports/2936949

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/514732

reference_id

514732

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:44Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/514732

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-0673

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61tr-7wfd-2yf4

url VCID-621k-br7q-uke3

vulnerability_id VCID-621k-br7q-uke3

summary An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.

references

reference_url	https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15725

reference_id

reference_type

scores

value	0.00463
scoring_system	epss
scoring_elements	0.64327
published_at	2026-04-24T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64317
published_at	2026-04-18T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64186
published_at	2026-04-01T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64244
published_at	2026-04-02T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64271
published_at	2026-04-04T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64232
published_at	2026-04-07T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64282
published_at	2026-04-08T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64297
published_at	2026-04-09T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.6431
published_at	2026-04-11T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64299
published_at	2026-04-12T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64272
published_at	2026-04-13T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64307
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15725

reference_url	https://gitlab.com/gitlab-org/gitlab-ee/issues/11431
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ee/issues/11431

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-15725

reference_id

CVE-2019-15725

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-15725

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-15725

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-621k-br7q-uke3

url VCID-66a9-vpgx-p7fp

vulnerability_id VCID-66a9-vpgx-p7fp

summary In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13288

reference_id

reference_type

scores

value	0.00197
scoring_system	epss
scoring_elements	0.41644
published_at	2026-04-01T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41728
published_at	2026-04-02T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41756
published_at	2026-04-04T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41683
published_at	2026-04-07T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41733
published_at	2026-04-08T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41741
published_at	2026-04-09T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41764
published_at	2026-04-16T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41731
published_at	2026-04-12T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41717
published_at	2026-04-13T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41738
published_at	2026-04-18T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41664
published_at	2026-04-21T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41572
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13288

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13288

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66a9-vpgx-p7fp

url VCID-68y2-v6p9-byge

vulnerability_id VCID-68y2-v6p9-byge

summary An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5467

reference_id

reference_type

scores

value	0.0007
scoring_system	epss
scoring_elements	0.21169
published_at	2026-04-24T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21304
published_at	2026-04-21T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21309
published_at	2026-04-01T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21465
published_at	2026-04-02T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21519
published_at	2026-04-04T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21272
published_at	2026-04-07T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21351
published_at	2026-04-08T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21412
published_at	2026-04-09T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.2142
published_at	2026-04-11T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21381
published_at	2026-04-12T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21326
published_at	2026-04-13T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21321
published_at	2026-04-16T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21329
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5467

reference_url	https://gitlab.com/gitlab-org/gitlab-ce/issues/60143
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ce/issues/60143

reference_url	https://hackerone.com/reports/526325
reference_id
reference_type
scores
url	https://hackerone.com/reports/526325

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5467

reference_id

CVE-2019-5467

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5467

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-5467

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68y2-v6p9-byge

url VCID-6a5t-28zw-mkcq

vulnerability_id VCID-6a5t-28zw-mkcq

summary GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7966

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.17128
published_at	2026-04-01T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17294
published_at	2026-04-02T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17343
published_at	2026-04-04T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17124
published_at	2026-04-07T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17215
published_at	2026-04-08T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17272
published_at	2026-04-09T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17251
published_at	2026-04-11T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17203
published_at	2026-04-12T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17143
published_at	2026-04-13T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17082
published_at	2026-04-16T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17088
published_at	2026-04-18T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17122
published_at	2026-04-21T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17028
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7966

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-7966

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6a5t-28zw-mkcq

url VCID-6avw-ar1d-tudd

vulnerability_id VCID-6avw-ar1d-tudd

summary Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22240

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45239
published_at	2026-04-24T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4532
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45342
published_at	2026-04-04T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45285
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4534
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45362
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4533
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45332
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45383
published_at	2026-04-16T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45379
published_at	2026-04-18T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45329
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22240

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22240

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6avw-ar1d-tudd

url VCID-6g7d-ehrz-7ugt

vulnerability_id VCID-6g7d-ehrz-7ugt

summary An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-5257

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08114
published_at	2026-04-24T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08108
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08015
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08
published_at	2026-04-18T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08156
published_at	2026-04-21T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08076
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08119
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08069
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0813
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08151
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08145
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08125
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-5257

reference_url

https://hackerone.com/reports/2513934

reference_id

2513934

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T18:30:14Z/

url

https://hackerone.com/reports/2513934

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/463149

reference_id

463149

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T18:30:14Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/463149

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-5257

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6g7d-ehrz-7ugt

url VCID-6gnx-62th-ufas

vulnerability_id VCID-6gnx-62th-ufas

summary An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7404

reference_id

reference_type

scores

value	0.00118
scoring_system	epss
scoring_elements	0.30756
published_at	2026-04-02T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30804
published_at	2026-04-04T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36914
published_at	2026-04-11T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36854
published_at	2026-04-13T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36906
published_at	2026-04-09T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36879
published_at	2026-04-12T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36839
published_at	2026-04-07T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.3689
published_at	2026-04-08T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51575
published_at	2026-04-16T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51583
published_at	2026-04-18T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58815
published_at	2026-04-24T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58832
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7404

reference_url

https://hackerone.com/reports/2627925

reference_id

2627925

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:07:52Z/

url

https://hackerone.com/reports/2627925

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/476670

reference_id

476670

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:07:52Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/476670

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#device-oauth-flow-allows-for-cross-window-forgery

reference_id

#device-oauth-flow-allows-for-cross-window-forgery

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:07:52Z/

url

https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#device-oauth-flow-allows-for-cross-window-forgery

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-7404

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6gnx-62th-ufas

url VCID-6qcm-yqpn-k3ax

vulnerability_id VCID-6qcm-yqpn-k3ax

summary An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6186

reference_id

reference_type

scores

value	0.00049
scoring_system	epss
scoring_elements	0.15406
published_at	2026-04-02T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15279
published_at	2026-04-07T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15368
published_at	2026-04-08T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15418
published_at	2026-04-09T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15379
published_at	2026-04-11T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.1534
published_at	2026-04-12T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15275
published_at	2026-04-13T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15189
published_at	2026-04-16T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15476
published_at	2026-04-04T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16761
published_at	2026-04-18T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16794
published_at	2026-04-21T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16699
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6186

reference_url

https://hackerone.com/reports/3189522

reference_id

3189522

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T20:36:42Z/

url

https://hackerone.com/reports/3189522

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/549844

reference_id

549844

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T20:36:42Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/549844

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-6186

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6qcm-yqpn-k3ax

url VCID-6z5v-da6y-d3gg

vulnerability_id VCID-6z5v-da6y-d3gg

summary An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1965

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.1894
published_at	2026-04-24T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19123
published_at	2026-04-12T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19071
published_at	2026-04-13T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19027
published_at	2026-04-16T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19039
published_at	2026-04-18T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19048
published_at	2026-04-21T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19264
published_at	2026-04-02T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19316
published_at	2026-04-04T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19031
published_at	2026-04-07T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.1911
published_at	2026-04-08T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19164
published_at	2026-04-09T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.1917
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1965

reference_url

https://hackerone.com/reports/1923672

reference_id

1923672

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T21:39:52Z/

url

https://hackerone.com/reports/1923672

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/406235

reference_id

406235

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T21:39:52Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/406235

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json

reference_id

CVE-2023-1965.json

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T21:39:52Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-1965

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6z5v-da6y-d3gg

url VCID-6ze1-1hs4-wyhb

vulnerability_id VCID-6ze1-1hs4-wyhb

summary Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4167

reference_id

reference_type

scores

value	0.00197
scoring_system	epss
scoring_elements	0.41461
published_at	2026-04-24T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41622
published_at	2026-04-13T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41643
published_at	2026-04-18T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41568
published_at	2026-04-21T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41631
published_at	2026-04-02T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41659
published_at	2026-04-04T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41586
published_at	2026-04-07T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41636
published_at	2026-04-12T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41645
published_at	2026-04-09T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41669
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4167

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/367740

reference_id

367740

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:28:24Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/367740

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4167.json

reference_id

CVE-2022-4167.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:28:24Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4167.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-4167

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze1-1hs4-wyhb

url VCID-6znm-hc5g-a3bs

vulnerability_id VCID-6znm-hc5g-a3bs

summary An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-1539

reference_id

reference_type

scores

value	0.00043
scoring_system	epss
scoring_elements	0.13076
published_at	2026-04-24T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13081
published_at	2026-04-13T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.12982
published_at	2026-04-16T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.12985
published_at	2026-04-18T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13083
published_at	2026-04-21T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13203
published_at	2026-04-02T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13269
published_at	2026-04-04T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13069
published_at	2026-04-07T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1315
published_at	2026-04-08T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13202
published_at	2026-04-09T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13171
published_at	2026-04-11T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13133
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-1539

reference_url

https://hackerone.com/reports/2369988

reference_id

2369988

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:30:26Z/

url

https://hackerone.com/reports/2369988

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/442049

reference_id

442049

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:30:26Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/442049

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-1539

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6znm-hc5g-a3bs

url VCID-71pn-8jnf-dqft

vulnerability_id VCID-71pn-8jnf-dqft

summary GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4581

reference_id

reference_type

scores

value	0.01096
scoring_system	epss
scoring_elements	0.77943
published_at	2026-04-01T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.7795
published_at	2026-04-02T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.77979
published_at	2026-04-04T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.7796
published_at	2026-04-07T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.77987
published_at	2026-04-08T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.77992
published_at	2026-04-09T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.78018
published_at	2026-04-11T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.78001
published_at	2026-04-12T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.78
published_at	2026-04-13T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.78035
published_at	2026-04-16T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.78034
published_at	2026-04-18T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.78027
published_at	2026-04-21T12:55:00Z

value	0.01096
scoring_system	epss
scoring_elements	0.7806
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4581

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2013-4581

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71pn-8jnf-dqft

url VCID-73m6-xqtw-kqcq

vulnerability_id VCID-73m6-xqtw-kqcq

summary GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19262

reference_id

reference_type

scores

value	0.0008
scoring_system	epss
scoring_elements	0.23612
published_at	2026-04-01T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23769
published_at	2026-04-02T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23811
published_at	2026-04-04T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23587
published_at	2026-04-07T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23656
published_at	2026-04-08T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23702
published_at	2026-04-09T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23719
published_at	2026-04-11T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23678
published_at	2026-04-12T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23621
published_at	2026-04-13T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23634
published_at	2026-04-16T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23626
published_at	2026-04-18T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23608
published_at	2026-04-21T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23428
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19262

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19262

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73m6-xqtw-kqcq

url VCID-73zx-y2xe-ybd8

vulnerability_id VCID-73zx-y2xe-ybd8

summary An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-10240

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32937
published_at	2026-04-16T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38809
published_at	2026-04-07T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38862
published_at	2026-04-08T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38875
published_at	2026-04-09T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38887
published_at	2026-04-11T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38823
published_at	2026-04-13T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38851
published_at	2026-04-12T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38859
published_at	2026-04-02T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.3888
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39559
published_at	2026-04-24T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3982
published_at	2026-04-18T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39738
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-10240

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/493188

reference_id

493188

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-26T20:24:41Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/493188

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint

reference_id

#information-disclosure-through-an-api-endpoint

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-26T20:24:41Z/

url

https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-10240

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73zx-y2xe-ybd8

url VCID-76e1-wt6f-mkbx

vulnerability_id VCID-76e1-wt6f-mkbx

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10497

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19967
published_at	2026-04-04T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19911
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22442
published_at	2026-04-24T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22633
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22648
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22645
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22596
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22583
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22659
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2271
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22729
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2269
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10497

reference_url

https://hackerone.com/reports/3338151

reference_id

3338151

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:02:41Z/

url

https://hackerone.com/reports/3338151

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/570336

reference_id

570336

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:02:41Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/570336

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

reference_id

patch-release-gitlab-18-5-1-released

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:02:41Z/

url

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-10497

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76e1-wt6f-mkbx

url VCID-78p7-cp4f-bkbg

vulnerability_id VCID-78p7-cp4f-bkbg

summary An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-9512

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.02767
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02789
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02781
published_at	2026-04-04T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12306
published_at	2026-04-24T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12319
published_at	2026-04-13T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12218
published_at	2026-04-16T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.1222
published_at	2026-04-18T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12324
published_at	2026-04-21T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12337
published_at	2026-04-08T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12387
published_at	2026-04-09T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12395
published_at	2026-04-11T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12357
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-9512

reference_url

https://hackerone.com/reports/2683469

reference_id

2683469

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T14:12:49Z/

url

https://hackerone.com/reports/2683469

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/497748

reference_id

497748

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T14:12:49Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/497748

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-9512

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78p7-cp4f-bkbg

url VCID-7be1-7wvf-h3bd

vulnerability_id VCID-7be1-7wvf-h3bd

summary An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8311

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13443
published_at	2026-04-24T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13366
published_at	2026-04-18T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13438
published_at	2026-04-21T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13577
published_at	2026-04-02T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13637
published_at	2026-04-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13435
published_at	2026-04-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13516
published_at	2026-04-08T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13565
published_at	2026-04-09T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13539
published_at	2026-04-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13501
published_at	2026-04-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13455
published_at	2026-04-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13368
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8311

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/479315

reference_id

479315

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T18:45:43Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/479315

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-8311

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7be1-7wvf-h3bd

url VCID-7gz7-5b5c-mkga

vulnerability_id VCID-7gz7-5b5c-mkga

summary An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5963

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.0216
published_at	2026-04-24T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02191
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02138
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02144
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02139
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02157
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02134
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02119
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02115
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02091
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02103
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5963

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/423468

reference_id

423468

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:45:18Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/423468

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-5963

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gz7-5b5c-mkga

url VCID-7hhz-j8p7-zfd1

vulnerability_id VCID-7hhz-j8p7-zfd1

summary An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5106

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12071
published_at	2026-04-21T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12047
published_at	2026-04-24T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12519
published_at	2026-04-09T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12453
published_at	2026-04-12T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12413
published_at	2026-04-13T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12319
published_at	2026-04-16T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.1232
published_at	2026-04-18T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12581
published_at	2026-04-04T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12388
published_at	2026-04-07T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12468
published_at	2026-04-08T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12538
published_at	2026-04-02T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12491
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5106

reference_url

https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3

reference_id

67039cfcae80b8fc0496f79be88714873cd169b3

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T15:13:29Z/

url

https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3

reference_url

https://gitlab.com/gitlab-org/security/gitlab/-/issues/980

reference_id

980

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T15:13:29Z/

url

https://gitlab.com/gitlab-org/security/gitlab/-/issues/980

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-5106

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hhz-j8p7-zfd1

url VCID-7s4d-c1p8-f7gs

vulnerability_id VCID-7s4d-c1p8-f7gs

summary An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.

references

reference_url	https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15738

reference_id

reference_type

scores

value	0.00264
scoring_system	epss
scoring_elements	0.49883
published_at	2026-04-24T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49897
published_at	2026-04-21T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49823
published_at	2026-04-01T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.4986
published_at	2026-04-02T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49888
published_at	2026-04-04T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49839
published_at	2026-04-07T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49894
published_at	2026-04-08T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49887
published_at	2026-04-09T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49905
published_at	2026-04-11T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49877
published_at	2026-04-12T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49879
published_at	2026-04-13T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49924
published_at	2026-04-16T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49925
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15738

reference_url	https://gitlab.com/gitlab-org/gitlab-ce/issues/63124
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ce/issues/63124

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-15738

reference_id

CVE-2019-15738

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-15738

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-15738

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7s4d-c1p8-f7gs

url VCID-7u3g-he8d-v3gh

vulnerability_id VCID-7u3g-he8d-v3gh

summary GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19309

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.21158
published_at	2026-04-01T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21311
published_at	2026-04-02T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21366
published_at	2026-04-04T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.2112
published_at	2026-04-07T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.212
published_at	2026-04-08T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21261
published_at	2026-04-09T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21271
published_at	2026-04-11T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.2123
published_at	2026-04-12T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21177
published_at	2026-04-13T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21169
published_at	2026-04-16T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21179
published_at	2026-04-18T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21157
published_at	2026-04-21T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21032
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19309

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19309

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7u3g-he8d-v3gh

url VCID-7uhu-eyv3-hyc3

vulnerability_id VCID-7uhu-eyv3-hyc3

summary GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19314

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.18736
published_at	2026-04-01T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18873
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18926
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18648
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18727
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18781
published_at	2026-04-09T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18786
published_at	2026-04-11T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18739
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18689
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18638
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1865
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18668
published_at	2026-04-21T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1856
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19314

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19314

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7uhu-eyv3-hyc3

url VCID-7ver-nghd-d7gj

vulnerability_id VCID-7ver-nghd-d7gj

summary A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13267

reference_id

reference_type

scores

value	0.00486
scoring_system	epss
scoring_elements	0.65312
published_at	2026-04-01T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65361
published_at	2026-04-02T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65387
published_at	2026-04-04T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65351
published_at	2026-04-07T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65404
published_at	2026-04-08T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65415
published_at	2026-04-09T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65434
published_at	2026-04-11T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.6542
published_at	2026-04-12T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65393
published_at	2026-04-13T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65429
published_at	2026-04-16T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.6544
published_at	2026-04-18T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65425
published_at	2026-04-21T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65441
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13267

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13267

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ver-nghd-d7gj

url VCID-7ww3-rtvx-7bgy

vulnerability_id VCID-7ww3-rtvx-7bgy

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3857

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01383
published_at	2026-04-24T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01286
published_at	2026-04-16T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.013
published_at	2026-04-18T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01374
published_at	2026-04-21T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01291
published_at	2026-04-02T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01295
published_at	2026-04-13T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01306
published_at	2026-04-07T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01312
published_at	2026-04-08T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01315
published_at	2026-04-09T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01299
published_at	2026-04-11T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01293
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3857

reference_url

https://hackerone.com/reports/3584382

reference_id

3584382

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:34Z/

url

https://hackerone.com/reports/3584382

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/592828

reference_id

592828

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:34Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/592828

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

reference_id

patch-release-gitlab-18-10-1-released

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:34Z/

url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-3857

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ww3-rtvx-7bgy

url VCID-7xpa-wsmb-1uat

vulnerability_id VCID-7xpa-wsmb-1uat

summary An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4379

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.0185
published_at	2026-04-24T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.0186
published_at	2026-04-21T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01781
published_at	2026-04-02T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01795
published_at	2026-04-04T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01794
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01797
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.0181
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01804
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01793
published_at	2026-04-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.0179
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01779
published_at	2026-04-16T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01778
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4379

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/415496

reference_id

415496

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-30T15:30:35Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/415496

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-4379

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7xpa-wsmb-1uat

url VCID-82a8-grn5-eqdj

vulnerability_id VCID-82a8-grn5-eqdj

summary Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26412

reference_id

reference_type

scores

value	0.00131
scoring_system	epss
scoring_elements	0.32341
published_at	2026-04-24T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32511
published_at	2026-04-01T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32655
published_at	2026-04-02T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32691
published_at	2026-04-04T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32513
published_at	2026-04-07T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32561
published_at	2026-04-08T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32587
published_at	2026-04-09T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32589
published_at	2026-04-11T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32551
published_at	2026-04-12T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32523
published_at	2026-04-13T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.3256
published_at	2026-04-16T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32538
published_at	2026-04-18T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32506
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26412

reference_url

reference_id

AVG-1347

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19259

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-26412

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-82a8-grn5-eqdj

url VCID-83vb-hq6n-cygb

vulnerability_id VCID-83vb-hq6n-cygb

summary GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).

references

reference_url

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.18717
published_at	2026-04-01T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18854
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18907
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18628
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18707
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18761
published_at	2026-04-09T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18766
published_at	2026-04-11T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18719
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1867
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18618
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1863
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18649
published_at	2026-04-21T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18541
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19259

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19259

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83vb-hq6n-cygb

url VCID-89jf-z93z-f3b4

vulnerability_id VCID-89jf-z93z-f3b4

summary A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13275

reference_id

reference_type

scores

value	0.00145
scoring_system	epss
scoring_elements	0.3478
published_at	2026-04-01T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34979
published_at	2026-04-02T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.35005
published_at	2026-04-04T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34886
published_at	2026-04-07T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.3493
published_at	2026-04-08T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34959
published_at	2026-04-09T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34963
published_at	2026-04-11T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34927
published_at	2026-04-12T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34904
published_at	2026-04-13T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34943
published_at	2026-04-16T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34926
published_at	2026-04-18T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34881
published_at	2026-04-21T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34648
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13275

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13275

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-89jf-z93z-f3b4

url VCID-8bb8-3yy2-nfes

vulnerability_id VCID-8bb8-3yy2-nfes

summary An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1763

reference_id

reference_type

scores

value	0.00468
scoring_system	epss
scoring_elements	0.64517
published_at	2026-04-24T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64493
published_at	2026-04-16T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64504
published_at	2026-04-18T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64496
published_at	2026-04-21T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64429
published_at	2026-04-02T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64459
published_at	2026-04-04T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64419
published_at	2026-04-07T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64467
published_at	2026-04-08T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64483
published_at	2026-04-09T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64498
published_at	2026-04-11T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64486
published_at	2026-04-12T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64458
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1763

reference_url

https://hackerone.com/reports/3016600

reference_id

3016600

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T12:50:03Z/

url

https://hackerone.com/reports/3016600

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/521718

reference_id

521718

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T12:50:03Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/521718

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-1763

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bb8-3yy2-nfes

url VCID-8bwa-wdaj-t3h2

vulnerability_id VCID-8bwa-wdaj-t3h2

summary GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12448

reference_id

reference_type

scores

value	0.00106
scoring_system	epss
scoring_elements	0.28839
published_at	2026-04-08T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28916
published_at	2026-04-02T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28966
published_at	2026-04-04T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28773
published_at	2026-04-07T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.2888
published_at	2026-04-09T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28886
published_at	2026-04-11T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28841
published_at	2026-04-12T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28792
published_at	2026-04-13T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28811
published_at	2026-04-16T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28789
published_at	2026-04-18T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28739
published_at	2026-04-21T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28627
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12448

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-12448

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bwa-wdaj-t3h2

url VCID-8ccz-1vym-3yev

vulnerability_id VCID-8ccz-1vym-3yev

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to incorrect authorization.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2619

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01791
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01784
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01773
published_at	2026-04-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01771
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02731
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02719
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03402
published_at	2026-04-21T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03389
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2619

reference_url

https://hackerone.com/reports/3554982

reference_id

3554982

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:19Z/

url

https://hackerone.com/reports/3554982

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/590430

reference_id

590430

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:19Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/590430

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

reference_id

patch-release-gitlab-18-10-3-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:19Z/

url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-2619

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ccz-1vym-3yev

url VCID-8d3w-b64w-nyc9

vulnerability_id VCID-8d3w-b64w-nyc9

summary gitlab: GitLab: Unauthorized access to AI model settings via namespace identifier manipulation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13772.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13772.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13772

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00456
published_at	2026-04-24T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00443
published_at	2026-04-02T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00424
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00458
published_at	2026-04-21T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00442
published_at	2026-04-04T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00435
published_at	2026-04-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00431
published_at	2026-04-08T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00433
published_at	2026-04-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00434
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00429
published_at	2026-04-18T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00428
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13772

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428224
reference_id	2428224
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428224

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/581268

reference_id

581268

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:13:05Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/581268

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/

reference_id

patch-release-gitlab-18-7-1-released

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:13:05Z/

url

https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-13772

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8d3w-b64w-nyc9

url VCID-8p24-6g5t-fqdq

vulnerability_id VCID-8p24-6g5t-fqdq

summary

Repository#grep accepts Unix pipes by default
See CVE-2013-4489 advisory for GitLab: Remote code execution vulnerability in the code search feature http://seclists.org/oss-sec/2013/q4/224

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4489

reference_id

reference_type

scores

value	0.00202
scoring_system	epss
scoring_elements	0.42187
published_at	2026-04-24T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42344
published_at	2026-04-09T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42367
published_at	2026-04-11T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42331
published_at	2026-04-12T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42303
published_at	2026-04-13T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42352
published_at	2026-04-16T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42328
published_at	2026-04-18T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42255
published_at	2026-04-21T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42244
published_at	2026-04-01T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42319
published_at	2026-04-02T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42347
published_at	2026-04-04T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42289
published_at	2026-04-07T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42337
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4489

reference_url

https://github.com/gitlabhq/grit

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/gitlabhq/grit

reference_url

https://github.com/gitlabhq/grit/commit/40f33a4f4f5604c2a531a1d86901fd81ac4402c4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/gitlabhq/grit/commit/40f33a4f4f5604c2a531a1d86901fd81ac4402c4

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/gitlab-grit/CVE-2013-4489.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/gitlab-grit/CVE-2013-4489.yml

reference_url

https://gitlab.com/gitlab-org/gitlab-grit/-/blob/v2.6.1/History.txt?ref_type=tags#L2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitlab.com/gitlab-org/gitlab-grit/-/blob/v2.6.1/History.txt?ref_type=tags#L2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4489

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4489

reference_url

https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release

reference_url	https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/
reference_id
reference_type
scores
url	https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/

reference_url

https://github.com/advisories/GHSA-95xq-v4m2-fq3r

reference_id

GHSA-95xq-v4m2-fq3r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-95xq-v4m2-fq3r

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2013-4489, GHSA-95xq-v4m2-fq3r, OSV-99370

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8p24-6g5t-fqdq

url VCID-8pxg-vb31-zqhm

vulnerability_id VCID-8pxg-vb31-zqhm

summary GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-11437

reference_id

reference_type

scores

value	0.0009
scoring_system	epss
scoring_elements	0.25519
published_at	2026-04-01T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25588
published_at	2026-04-02T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25624
published_at	2026-04-04T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25393
published_at	2026-04-07T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25462
published_at	2026-04-08T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25509
published_at	2026-04-09T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25521
published_at	2026-04-11T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25478
published_at	2026-04-12T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25421
published_at	2026-04-13T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25427
published_at	2026-04-16T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25417
published_at	2026-04-18T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25385
published_at	2026-04-21T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25349
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-11437

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2017-11437

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8pxg-vb31-zqhm

url VCID-8py3-7bhm-3ugu

vulnerability_id VCID-8py3-7bhm-3ugu

summary Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12825

reference_id

reference_type

scores

value	0.00057
scoring_system	epss
scoring_elements	0.17891
published_at	2026-04-01T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18052
published_at	2026-04-02T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18107
published_at	2026-04-04T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17809
published_at	2026-04-07T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17897
published_at	2026-04-08T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17957
published_at	2026-04-09T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17974
published_at	2026-04-11T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17929
published_at	2026-04-12T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.1788
published_at	2026-04-13T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17823
published_at	2026-04-16T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17832
published_at	2026-04-18T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.1787
published_at	2026-04-21T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17775
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12825

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-12825

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8py3-7bhm-3ugu

url VCID-8znh-gknj-5fdq

vulnerability_id VCID-8znh-gknj-5fdq

summary GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQl.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1387

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13474
published_at	2026-04-02T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13463
published_at	2026-04-09T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13437
published_at	2026-04-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13402
published_at	2026-04-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13356
published_at	2026-04-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13263
published_at	2026-04-16T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13261
published_at	2026-04-18T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13536
published_at	2026-04-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13331
published_at	2026-04-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13414
published_at	2026-04-08T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15694
published_at	2026-04-24T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15658
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1387

reference_url

https://hackerone.com/reports/3515994

reference_id

3515994

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:17:22Z/

url

https://hackerone.com/reports/3515994

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/587546

reference_id

587546

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:17:22Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/587546

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:17:22Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1387

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8znh-gknj-5fdq

100

url VCID-974b-ft33-k7fu

vulnerability_id VCID-974b-ft33-k7fu

summary An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13348

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.2186
published_at	2026-04-01T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22024
published_at	2026-04-02T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22075
published_at	2026-04-04T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2184
published_at	2026-04-07T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21916
published_at	2026-04-08T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21971
published_at	2026-04-09T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21984
published_at	2026-04-11T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21943
published_at	2026-04-12T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21887
published_at	2026-04-13T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21888
published_at	2026-04-16T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21894
published_at	2026-04-18T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21855
published_at	2026-04-21T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21708
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13348

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13348

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-974b-ft33-k7fu

101

url VCID-982z-kxzh-27dh

vulnerability_id VCID-982z-kxzh-27dh

summary A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0555

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09333
published_at	2026-04-12T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.0921
published_at	2026-04-16T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09319
published_at	2026-04-13T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09361
published_at	2026-04-11T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09351
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11273
published_at	2026-04-08T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12562
published_at	2026-04-07T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18181
published_at	2026-04-24T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18256
published_at	2026-04-18T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18282
published_at	2026-04-21T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46002
published_at	2026-04-02T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46023
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0555

reference_url

https://hackerone.com/reports/2939833

reference_id

2939833

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:50:31Z/

url

https://hackerone.com/reports/2939833

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/514004

reference_id

514004

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:50:31Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/514004

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-0555

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-982z-kxzh-27dh

102

url VCID-9cuf-1y7k-b3ey

vulnerability_id VCID-9cuf-1y7k-b3ey

summary GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19263

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.13872
published_at	2026-04-01T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13956
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.14011
published_at	2026-04-04T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13813
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13896
published_at	2026-04-08T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13949
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13905
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13869
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13821
published_at	2026-04-13T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13731
published_at	2026-04-16T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13727
published_at	2026-04-18T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13802
published_at	2026-04-21T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13823
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19263

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19263

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9cuf-1y7k-b3ey

103

url VCID-9dza-uktz-pqgc

vulnerability_id VCID-9dza-uktz-pqgc

summary An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7586

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03154
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03164
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03801
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03805
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0383
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03773
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03793
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03746
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06247
published_at	2026-04-24T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06085
published_at	2026-04-18T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06233
published_at	2026-04-21T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06074
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7586

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/463866

reference_id

463866

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-20T14:52:57Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/463866

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-7586

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dza-uktz-pqgc

104

url VCID-9ef6-arq8-qfa7

vulnerability_id VCID-9ef6-arq8-qfa7

summary GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7977

reference_id

reference_type

scores

value	0.00052
scoring_system	epss
scoring_elements	0.16149
published_at	2026-04-01T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16332
published_at	2026-04-02T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16393
published_at	2026-04-04T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16192
published_at	2026-04-07T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16277
published_at	2026-04-08T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16341
published_at	2026-04-09T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16323
published_at	2026-04-11T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16284
published_at	2026-04-12T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16216
published_at	2026-04-13T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16153
published_at	2026-04-16T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.1617
published_at	2026-04-18T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16208
published_at	2026-04-21T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16098
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7977

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-7977

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ef6-arq8-qfa7

105

url VCID-9hj6-5zkd-7kgf

vulnerability_id VCID-9hj6-5zkd-7kgf

summary An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass.

references

reference_url	https://about.gitlab.com/blog/categories/releases/
reference_id
reference_type
scores
url	https://about.gitlab.com/blog/categories/releases/

reference_url	https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13001

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22154
published_at	2026-04-24T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22304
published_at	2026-04-21T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22285
published_at	2026-04-01T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22451
published_at	2026-04-02T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22496
published_at	2026-04-04T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22284
published_at	2026-04-07T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22367
published_at	2026-04-08T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22422
published_at	2026-04-09T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22443
published_at	2026-04-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22401
published_at	2026-04-12T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22345
published_at	2026-04-13T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22361
published_at	2026-04-16T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22356
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13001

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-13001

reference_id

CVE-2019-13001

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13001

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-13001

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hj6-5zkd-7kgf

106

url VCID-9xmk-7m69-93ex

vulnerability_id VCID-9xmk-7m69-93ex

summary An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13263

reference_id

reference_type

scores

value	0.00198
scoring_system	epss
scoring_elements	0.41868
published_at	2026-04-01T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41933
published_at	2026-04-02T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41961
published_at	2026-04-04T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41888
published_at	2026-04-07T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41938
published_at	2026-04-08T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41949
published_at	2026-04-09T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41973
published_at	2026-04-16T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41937
published_at	2026-04-12T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41923
published_at	2026-04-13T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41945
published_at	2026-04-18T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41874
published_at	2026-04-21T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41811
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13263

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13263

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xmk-7m69-93ex

107

url VCID-9zn4-bgke-aqhm

vulnerability_id VCID-9zn4-bgke-aqhm

summary An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-12244

reference_id

reference_type

scores

value	0.0008
scoring_system	epss
scoring_elements	0.23362
published_at	2026-04-24T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23564
published_at	2026-04-13T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23577
published_at	2026-04-16T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23566
published_at	2026-04-18T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23545
published_at	2026-04-21T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23707
published_at	2026-04-02T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.2375
published_at	2026-04-04T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.2353
published_at	2026-04-07T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23602
published_at	2026-04-08T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23647
published_at	2026-04-09T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23663
published_at	2026-04-11T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23621
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-12244

reference_url

https://hackerone.com/reports/2862754

reference_id

2862754

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:43:12Z/

url

https://hackerone.com/reports/2862754

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/508046

reference_id

508046

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:43:12Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/508046

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-12244

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zn4-bgke-aqhm

108

url VCID-a96m-a6p2-u7fc

vulnerability_id VCID-a96m-a6p2-u7fc

summary An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2459

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39744
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39766
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39684
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39738
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39753
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39762
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39726
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3971
published_at	2026-04-13T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3976
published_at	2026-04-16T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39731
published_at	2026-04-18T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39647
published_at	2026-04-21T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39469
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2459

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-2459

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a96m-a6p2-u7fc

109

url VCID-acfp-4n7t-u7fa

vulnerability_id VCID-acfp-4n7t-u7fa

summary GitLab EE 10.1 through 12.7.2 allows Information Disclosure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7974

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22526
published_at	2026-04-01T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22698
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22743
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22531
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22662
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2268
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22639
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22583
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22598
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22594
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22544
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22393
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7974

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-7974

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-acfp-4n7t-u7fa

110

url VCID-aejs-fse9-5ufz

vulnerability_id VCID-aejs-fse9-5ufz

summary Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13266

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.1733
published_at	2026-04-01T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17499
published_at	2026-04-02T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17546
published_at	2026-04-04T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17326
published_at	2026-04-07T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17418
published_at	2026-04-08T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17478
published_at	2026-04-09T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.1749
published_at	2026-04-11T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17443
published_at	2026-04-12T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17389
published_at	2026-04-13T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17331
published_at	2026-04-16T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17339
published_at	2026-04-18T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17371
published_at	2026-04-21T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17279
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13266

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13266

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aejs-fse9-5ufz

111

url VCID-agxq-w7e3-qbbd

vulnerability_id VCID-agxq-w7e3-qbbd

summary An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-11668

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01227
published_at	2026-04-24T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01224
published_at	2026-04-21T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01155
published_at	2026-04-18T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00693
published_at	2026-04-08T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00684
published_at	2026-04-09T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00678
published_at	2026-04-13T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00671
published_at	2026-04-16T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00685
published_at	2026-04-11T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00696
published_at	2026-04-02T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00689
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-11668

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/456922

reference_id

456922

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T18:42:30Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/456922

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-11668

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-agxq-w7e3-qbbd

112

url VCID-ajsm-xpvn-h3cd

vulnerability_id VCID-ajsm-xpvn-h3cd

summary An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2589

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.42783
published_at	2026-04-24T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.4289
published_at	2026-04-12T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42903
published_at	2026-04-09T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42925
published_at	2026-04-11T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42873
published_at	2026-04-13T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42933
published_at	2026-04-16T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42922
published_at	2026-04-18T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42859
published_at	2026-04-21T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42901
published_at	2026-04-04T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.4284
published_at	2026-04-07T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47489
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2589

reference_url

https://hackerone.com/reports/1941803

reference_id

1941803

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:11Z/

url

https://hackerone.com/reports/1941803

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/407891

reference_id

407891

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:11Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/407891

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2589.json

reference_id

CVE-2023-2589.json

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:11Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2589.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-2589

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajsm-xpvn-h3cd

113

url VCID-anx6-ukf8-cbau

vulnerability_id VCID-anx6-ukf8-cbau

summary An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13337

reference_id

reference_type

scores

value	0.0013
scoring_system	epss
scoring_elements	0.32481
published_at	2026-04-01T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32625
published_at	2026-04-02T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32661
published_at	2026-04-04T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32483
published_at	2026-04-07T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32531
published_at	2026-04-08T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32557
published_at	2026-04-09T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32559
published_at	2026-04-11T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32522
published_at	2026-04-12T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32495
published_at	2026-04-13T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32529
published_at	2026-04-16T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32507
published_at	2026-04-18T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32475
published_at	2026-04-21T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.3231
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13337

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13337

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-anx6-ukf8-cbau

114

url VCID-avzn-3wtk-2qhk

vulnerability_id VCID-avzn-3wtk-2qhk

summary Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1983

reference_id

reference_type

scores

value	0.00131
scoring_system	epss
scoring_elements	0.3266
published_at	2026-04-13T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32793
published_at	2026-04-02T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32829
published_at	2026-04-04T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.3265
published_at	2026-04-07T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32698
published_at	2026-04-08T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32724
published_at	2026-04-09T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32725
published_at	2026-04-11T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32688
published_at	2026-04-12T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32699
published_at	2026-04-16T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32677
published_at	2026-04-18T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32647
published_at	2026-04-21T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32492
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1983

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-1983

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avzn-3wtk-2qhk

115

url VCID-awqw-86c7-mbf5

vulnerability_id VCID-awqw-86c7-mbf5

summary An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term."

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-11129

reference_id

reference_type

scores

value	0.00052
scoring_system	epss
scoring_elements	0.16241
published_at	2026-04-24T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16356
published_at	2026-04-13T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16293
published_at	2026-04-16T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16313
published_at	2026-04-18T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16348
published_at	2026-04-21T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16469
published_at	2026-04-02T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16531
published_at	2026-04-04T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16328
published_at	2026-04-07T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16414
published_at	2026-04-08T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16473
published_at	2026-04-09T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16457
published_at	2026-04-11T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16418
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-11129

reference_url

https://hackerone.com/reports/2717400

reference_id

2717400

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:16:18Z/

url

https://hackerone.com/reports/2717400

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/503722

reference_id

503722

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:16:18Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/503722

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-11129

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-awqw-86c7-mbf5

116

url VCID-b5s9-nn6q-kbcs

vulnerability_id VCID-b5s9-nn6q-kbcs

summary A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22249

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.50782
published_at	2026-04-01T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50838
published_at	2026-04-02T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50864
published_at	2026-04-04T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50821
published_at	2026-04-07T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50878
published_at	2026-04-08T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50876
published_at	2026-04-09T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50918
published_at	2026-04-16T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50896
published_at	2026-04-12T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.5088
published_at	2026-04-13T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50924
published_at	2026-04-18T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50904
published_at	2026-04-21T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50853
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22249

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22249

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5s9-nn6q-kbcs

117

url VCID-b7be-m9jj-juf2

vulnerability_id VCID-b7be-m9jj-juf2

summary The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4582

reference_id

reference_type

scores

value	0.0017
scoring_system	epss
scoring_elements	0.38147
published_at	2026-04-01T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38292
published_at	2026-04-02T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38315
published_at	2026-04-04T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38184
published_at	2026-04-07T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38234
published_at	2026-04-08T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38242
published_at	2026-04-09T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38261
published_at	2026-04-11T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38225
published_at	2026-04-12T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38202
published_at	2026-04-13T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38248
published_at	2026-04-16T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38228
published_at	2026-04-18T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.3816
published_at	2026-04-21T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.37991
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4582

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2013-4582

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7be-m9jj-juf2

118

url VCID-b865-rg4k-wfck

vulnerability_id VCID-b865-rg4k-wfck

summary An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption.

references

reference_url	https://about.gitlab.com/blog/categories/releases/
reference_id
reference_type
scores
url	https://about.gitlab.com/blog/categories/releases/

reference_url	https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13007

reference_id

reference_type

scores

value	0.00159
scoring_system	epss
scoring_elements	0.3646
published_at	2026-04-24T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36685
published_at	2026-04-21T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36679
published_at	2026-04-01T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36834
published_at	2026-04-02T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36866
published_at	2026-04-04T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36702
published_at	2026-04-07T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36753
published_at	2026-04-08T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36769
published_at	2026-04-09T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36778
published_at	2026-04-11T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36744
published_at	2026-04-12T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36718
published_at	2026-04-13T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36762
published_at	2026-04-16T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36745
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13007

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-13007

reference_id

CVE-2019-13007

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13007

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-13007

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b865-rg4k-wfck

119

url VCID-ba8y-gmf8-f3a5

vulnerability_id VCID-ba8y-gmf8-f3a5

summary An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5846

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05699
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05741
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05736
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05776
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05801
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0578
published_at	2026-04-11T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06356
published_at	2026-04-21T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06235
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06193
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06205
published_at	2026-04-18T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06245
published_at	2026-04-12T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20078
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5846

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/546435

reference_id

546435

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T13:22:54Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/546435

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-5846

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ba8y-gmf8-f3a5

120

url VCID-bd9p-32b3-u7en

vulnerability_id VCID-bd9p-32b3-u7en

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6601

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03421
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03409
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04959
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0482
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04768
published_at	2026-04-16T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04777
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04922
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04829
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04867
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04885
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04862
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0484
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6601

reference_url

https://hackerone.com/reports/3209641

reference_id

3209641

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:17:52Z/

url

https://hackerone.com/reports/3209641

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/551267

reference_id

551267

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:17:52Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/551267

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

reference_id

patch-release-gitlab-18-5-1-released

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:17:52Z/

url

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-6601

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bd9p-32b3-u7en

121

url VCID-bse3-k2ur-gkhe

vulnerability_id VCID-bse3-k2ur-gkhe

summary An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-8770

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.034
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03452
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03412
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03385
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03362
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03338
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03414
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0343
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03432
published_at	2026-04-08T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04162
published_at	2026-04-21T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04174
published_at	2026-04-24T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.0404
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-8770

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/549105

reference_id

549105

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T20:05:13Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/549105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-8770

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bse3-k2ur-gkhe

122

url VCID-c3un-3g77-t7eh

vulnerability_id VCID-c3un-3g77-t7eh

summary Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13261

reference_id

reference_type

scores

value	0.00177
scoring_system	epss
scoring_elements	0.3914
published_at	2026-04-01T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39325
published_at	2026-04-02T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39349
published_at	2026-04-04T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39263
published_at	2026-04-07T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39318
published_at	2026-04-08T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39335
published_at	2026-04-09T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39346
published_at	2026-04-11T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39307
published_at	2026-04-12T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39289
published_at	2026-04-13T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39341
published_at	2026-04-16T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39313
published_at	2026-04-18T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39226
published_at	2026-04-21T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39012
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13261

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13261

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3un-3g77-t7eh

123

url VCID-ccs9-1gqf-vkhx

vulnerability_id VCID-ccs9-1gqf-vkhx

summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims."

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-1451

reference_id

reference_type

scores

value	0.29088
scoring_system	epss
scoring_elements	0.96596
published_at	2026-04-24T12:55:00Z

value	0.29088
scoring_system	epss
scoring_elements	0.96578
published_at	2026-04-12T12:55:00Z

value	0.29088
scoring_system	epss
scoring_elements	0.9658
published_at	2026-04-13T12:55:00Z

value	0.29088
scoring_system	epss
scoring_elements	0.96587
published_at	2026-04-16T12:55:00Z

value	0.29088
scoring_system	epss
scoring_elements	0.96593
published_at	2026-04-18T12:55:00Z

value	0.29088
scoring_system	epss
scoring_elements	0.96557
published_at	2026-04-02T12:55:00Z

value	0.29088
scoring_system	epss
scoring_elements	0.96562
published_at	2026-04-04T12:55:00Z

value	0.29088
scoring_system	epss
scoring_elements	0.96565
published_at	2026-04-07T12:55:00Z

value	0.29088
scoring_system	epss
scoring_elements	0.96573
published_at	2026-04-08T12:55:00Z

value	0.29088
scoring_system	epss
scoring_elements	0.96575
published_at	2026-04-09T12:55:00Z

value	0.29088
scoring_system	epss
scoring_elements	0.96577
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-1451

reference_url

https://hackerone.com/reports/2371126

reference_id

2371126

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:16:14Z/

url

https://hackerone.com/reports/2371126

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/441457

reference_id

441457

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:16:14Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/441457

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-1451

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ccs9-1gqf-vkhx

124

url VCID-cfg6-81nj-wuh7

vulnerability_id VCID-cfg6-81nj-wuh7

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-4916

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.00989
published_at	2026-04-09T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.00975
published_at	2026-04-11T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.00969
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01837
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02209
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02188
published_at	2026-04-24T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03517
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4916

reference_url

https://hackerone.com/reports/3301240

reference_id

3301240

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:05:47Z/

url

https://hackerone.com/reports/3301240

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/565414

reference_id

565414

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:05:47Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/565414

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

reference_id

patch-release-gitlab-18-10-3-released

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:05:47Z/

url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-4916

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfg6-81nj-wuh7

125

url VCID-cgwn-9de8-hubj

vulnerability_id VCID-cgwn-9de8-hubj

summary An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10112

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22882
published_at	2026-04-16T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22876
published_at	2026-04-18T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22837
published_at	2026-04-21T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22674
published_at	2026-04-24T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23546
published_at	2026-04-08T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23592
published_at	2026-04-09T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23493
published_at	2026-04-01T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23567
published_at	2026-04-12T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.2351
published_at	2026-04-13T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23608
published_at	2026-04-11T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23653
published_at	2026-04-02T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23696
published_at	2026-04-04T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23476
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10112

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10112

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgwn-9de8-hubj

126

url VCID-ck2a-7z14-tqh3

vulnerability_id VCID-ck2a-7z14-tqh3

summary An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.

references

reference_url	https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/

reference_url	https://about.gitlab.com/blog/categories/releases/
reference_id
reference_type
scores
url	https://about.gitlab.com/blog/categories/releases/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14943

reference_id

reference_type

scores

value	0.00303
scoring_system	epss
scoring_elements	0.53501
published_at	2026-04-01T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53566
published_at	2026-04-09T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53615
published_at	2026-04-11T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53598
published_at	2026-04-12T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53581
published_at	2026-04-13T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53617
published_at	2026-04-16T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53524
published_at	2026-04-02T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53551
published_at	2026-04-04T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53519
published_at	2026-04-07T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.5357
published_at	2026-04-08T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57832
published_at	2026-04-18T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57808
published_at	2026-04-21T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57766
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14943

reference_url	https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4530
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4530

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14943

reference_id

CVE-2019-14943

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14943

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-14943

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ck2a-7z14-tqh3

127

url VCID-cuzf-qtjv-vyhc

vulnerability_id VCID-cuzf-qtjv-vyhc

summary GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19258

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22526
published_at	2026-04-01T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22698
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22743
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22531
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22662
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2268
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22639
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22583
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22598
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22594
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22544
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22393
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19258

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19258

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuzf-qtjv-vyhc

128

url VCID-cvae-k1kf-3bb5

vulnerability_id VCID-cvae-k1kf-3bb5

summary GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19312

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39668
published_at	2026-04-01T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39817
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3984
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39761
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39816
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3983
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39839
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39803
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39786
published_at	2026-04-13T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39836
published_at	2026-04-16T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39808
published_at	2026-04-18T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39725
published_at	2026-04-21T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39545
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19312

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19312

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvae-k1kf-3bb5

129

url VCID-cwvp-td1x-r7ab

vulnerability_id VCID-cwvp-td1x-r7ab

summary A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3907

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07258
published_at	2026-04-24T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07181
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07175
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07301
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07172
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07217
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07197
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07251
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07274
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07261
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3907

reference_url

https://hackerone.com/reports/2058934

reference_id

2058934

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-27T15:56:10Z/

url

https://hackerone.com/reports/2058934

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/418878

reference_id

418878

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-27T15:56:10Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/418878

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3907

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwvp-td1x-r7ab

130

url VCID-d38q-afq9-wbdx

vulnerability_id VCID-d38q-afq9-wbdx

summary GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.

references

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10085

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22393
published_at	2026-04-24T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22544
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22526
published_at	2026-04-01T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22698
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22743
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22531
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22662
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2268
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22639
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22583
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22598
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22594
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10085

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10085

reference_id

CVE-2020-10085

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10085

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10085

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d38q-afq9-wbdx

131

url VCID-d4kj-2yhs-63cn

vulnerability_id VCID-d4kj-2yhs-63cn

summary GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19310

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21735
published_at	2026-04-01T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.219
published_at	2026-04-02T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21952
published_at	2026-04-04T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21719
published_at	2026-04-07T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21796
published_at	2026-04-08T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21852
published_at	2026-04-09T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21864
published_at	2026-04-11T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21824
published_at	2026-04-12T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21766
published_at	2026-04-16T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21773
published_at	2026-04-18T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21738
published_at	2026-04-21T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.2159
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19310

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19310

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4kj-2yhs-63cn

132

url VCID-de67-fg42-33fc

vulnerability_id VCID-de67-fg42-33fc

summary An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18642

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.21085
published_at	2026-04-24T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21218
published_at	2026-04-01T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21374
published_at	2026-04-02T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21428
published_at	2026-04-04T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.2118
published_at	2026-04-07T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.2126
published_at	2026-04-08T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21322
published_at	2026-04-09T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21332
published_at	2026-04-11T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21291
published_at	2026-04-12T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21238
published_at	2026-04-13T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21231
published_at	2026-04-16T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.2124
published_at	2026-04-18T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21217
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18642

reference_url

reference_id

AVG-802

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39909

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-18642

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de67-fg42-33fc

133

url VCID-de8b-d4wk-y3g2

vulnerability_id VCID-de8b-d4wk-y3g2

summary Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances

references

reference_url

reference_id

reference_type

scores

value	0.00049
scoring_system	epss
scoring_elements	0.1506
published_at	2026-04-24T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15144
published_at	2026-04-01T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15184
published_at	2026-04-02T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15251
published_at	2026-04-04T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15055
published_at	2026-04-07T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15143
published_at	2026-04-08T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15194
published_at	2026-04-09T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15164
published_at	2026-04-11T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15126
published_at	2026-04-12T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15061
published_at	2026-04-13T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.14961
published_at	2026-04-16T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.1497
published_at	2026-04-18T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15021
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39909

reference_url

https://security.archlinux.org/AVG-2503

reference_id

AVG-2503

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2503

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-39909

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de8b-d4wk-y3g2

134

url VCID-dg2t-19xu-mkbb

vulnerability_id VCID-dg2t-19xu-mkbb

summary An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15580

reference_id

reference_type

scores

value	0.00238
scoring_system	epss
scoring_elements	0.46854
published_at	2026-04-01T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46892
published_at	2026-04-02T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46909
published_at	2026-04-09T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46856
published_at	2026-04-07T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.4691
published_at	2026-04-08T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46933
published_at	2026-04-11T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46906
published_at	2026-04-12T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46913
published_at	2026-04-13T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46969
published_at	2026-04-16T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46965
published_at	2026-04-18T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.46914
published_at	2026-04-21T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.469
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15580

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-15580

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dg2t-19xu-mkbb

135

url VCID-dndj-1cxz-r7ff

vulnerability_id VCID-dndj-1cxz-r7ff

summary An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3915

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11201
published_at	2026-04-24T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11131
published_at	2026-04-16T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11133
published_at	2026-04-18T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11263
published_at	2026-04-21T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11337
published_at	2026-04-02T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11395
published_at	2026-04-04T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11188
published_at	2026-04-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11268
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11323
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11329
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11295
published_at	2026-04-12T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11269
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3915

reference_url

https://hackerone.com/reports/2040834

reference_id

2040834

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:59:46Z/

url

https://hackerone.com/reports/2040834

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/417664

reference_id

417664

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:59:46Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/417664

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3915

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dndj-1cxz-r7ff

136

url VCID-drqj-c18r-w7h8

vulnerability_id VCID-drqj-c18r-w7h8

summary An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4612

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07239
published_at	2026-04-24T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07233
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07165
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07159
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07281
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07157
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07202
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07179
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07234
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07259
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07256
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07243
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4612

reference_url

https://hackerone.com/reports/2479857

reference_id

2479857

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:22:22Z/

url

https://hackerone.com/reports/2479857

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/460707

reference_id

460707

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:22:22Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/460707

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-4612

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drqj-c18r-w7h8

137

url VCID-drzh-34h4-jqge

vulnerability_id VCID-drzh-34h4-jqge

summary Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22253

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54046
published_at	2026-04-01T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54063
published_at	2026-04-02T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54092
published_at	2026-04-04T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54066
published_at	2026-04-07T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54117
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54115
published_at	2026-04-24T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54165
published_at	2026-04-16T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54147
published_at	2026-04-12T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54126
published_at	2026-04-13T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54169
published_at	2026-04-18T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.5415
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22253

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22253

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drzh-34h4-jqge

138

url VCID-e17m-j47b-kbap

vulnerability_id VCID-e17m-j47b-kbap

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1069

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08127
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0817
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08116
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08184
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08202
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08193
published_at	2026-04-11T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08849
published_at	2026-04-16T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08824
published_at	2026-04-18T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08973
published_at	2026-04-21T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.0902
published_at	2026-04-24T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08971
published_at	2026-04-12T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08959
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1069

reference_url

https://hackerone.com/reports/3483687

reference_id

3483687

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T19:39:21Z/

url

https://hackerone.com/reports/3483687

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/586474

reference_id

586474

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T19:39:21Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/586474

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/

reference_id

patch-release-gitlab-18-9-2-released

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T19:39:21Z/

url

https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1069

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e17m-j47b-kbap

139

url VCID-e2c2-k4fs-5fdn

vulnerability_id VCID-e2c2-k4fs-5fdn

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2104

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01791
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01784
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01773
published_at	2026-04-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01771
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02731
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02843
published_at	2026-04-21T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02835
published_at	2026-04-24T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02719
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2104

reference_url

https://hackerone.com/reports/3541476

reference_id

3541476

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:43:15Z/

url

https://hackerone.com/reports/3541476

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/589021

reference_id

589021

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:43:15Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/589021

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

reference_id

patch-release-gitlab-18-10-3-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:43:15Z/

url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-2104

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2c2-k4fs-5fdn

140

url VCID-e98k-gk6q-8ucw

vulnerability_id VCID-e98k-gk6q-8ucw

summary For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13286

reference_id

reference_type

scores

value	0.00139
scoring_system	epss
scoring_elements	0.33723
published_at	2026-04-01T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34066
published_at	2026-04-02T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34097
published_at	2026-04-04T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33954
published_at	2026-04-07T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33996
published_at	2026-04-16T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34028
published_at	2026-04-09T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34027
published_at	2026-04-11T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33984
published_at	2026-04-12T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33961
published_at	2026-04-13T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33983
published_at	2026-04-18T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.3395
published_at	2026-04-21T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33574
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13286

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13286

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e98k-gk6q-8ucw

141

url VCID-ef6r-7zfp-6ueu

vulnerability_id VCID-ef6r-7zfp-6ueu

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in GraphQL request processing.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3988

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.17286
published_at	2026-04-24T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17338
published_at	2026-04-16T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17346
published_at	2026-04-18T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17379
published_at	2026-04-21T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17504
published_at	2026-04-02T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17551
published_at	2026-04-04T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17331
published_at	2026-04-07T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17423
published_at	2026-04-08T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17484
published_at	2026-04-09T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17496
published_at	2026-04-11T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17449
published_at	2026-04-12T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17396
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3988

reference_url

https://hackerone.com/reports/3597342

reference_id

3597342

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:21:45Z/

url

https://hackerone.com/reports/3597342

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/593140

reference_id

593140

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:21:45Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/593140

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

reference_id

patch-release-gitlab-18-10-1-released

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:21:45Z/

url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-3988

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ef6r-7zfp-6ueu

142

url VCID-efgu-vj7d-wqgh

vulnerability_id VCID-efgu-vj7d-wqgh

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-9183

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01172
published_at	2026-04-02T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01178
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02502
published_at	2026-04-08T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02489
published_at	2026-04-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02488
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02473
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02479
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02586
published_at	2026-04-21T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02499
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02523
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.025
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00557
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-9183

reference_url

https://hackerone.com/reports/2707421

reference_id

2707421

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:54Z/

url

https://hackerone.com/reports/2707421

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/494478

reference_id

494478

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:54Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/494478

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/

reference_id

patch-release-gitlab-18-6-1-released

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:54Z/

url

https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-9183

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-efgu-vj7d-wqgh

143

url VCID-eh5u-tnu8-6uc2

vulnerability_id VCID-eh5u-tnu8-6uc2

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1456

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.0912
published_at	2026-04-02T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09207
published_at	2026-04-09T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09209
published_at	2026-04-11T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09178
published_at	2026-04-12T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09164
published_at	2026-04-13T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09059
published_at	2026-04-16T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09039
published_at	2026-04-18T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09173
published_at	2026-04-04T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09097
published_at	2026-04-07T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09177
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10993
published_at	2026-04-24T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11034
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1456

reference_url

https://hackerone.com/reports/3517928

reference_id

3517928

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:38:41Z/

url

https://hackerone.com/reports/3517928

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/587688

reference_id

587688

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:38:41Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/587688

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:38:41Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1456

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eh5u-tnu8-6uc2

144

url VCID-erzs-6pbk-tbbv

vulnerability_id VCID-erzs-6pbk-tbbv

summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-5318

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.11116
published_at	2026-04-24T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11175
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11041
published_at	2026-04-16T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1105
published_at	2026-04-18T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11182
published_at	2026-04-21T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11213
published_at	2026-04-02T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11275
published_at	2026-04-04T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11088
published_at	2026-04-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11167
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11224
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11233
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11201
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-5318

reference_url

https://hackerone.com/reports/2189464

reference_id

2189464

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-24T19:20:30Z/

url

https://hackerone.com/reports/2189464

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/427526

reference_id

427526

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-24T19:20:30Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/427526

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-5318

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-erzs-6pbk-tbbv

145

url VCID-euf4-86tg-buex

vulnerability_id VCID-euf4-86tg-buex

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-12653

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.118
published_at	2026-04-24T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22346
published_at	2026-04-08T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22324
published_at	2026-04-13T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22338
published_at	2026-04-16T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22331
published_at	2026-04-18T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22281
published_at	2026-04-21T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22476
published_at	2026-04-04T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22264
published_at	2026-04-07T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22431
published_at	2026-04-02T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22402
published_at	2026-04-09T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22422
published_at	2026-04-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22381
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-12653

reference_url

https://hackerone.com/reports/3370245

reference_id

3370245

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:33Z/

url

https://hackerone.com/reports/3370245

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/579372

reference_id

579372

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:33Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/579372

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/

reference_id

patch-release-gitlab-18-6-1-released

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:33Z/

url

https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-12653

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-euf4-86tg-buex

146

url VCID-eukj-31bc-gygf

vulnerability_id VCID-eukj-31bc-gygf

summary An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-3115

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.32864
published_at	2026-04-24T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.3303
published_at	2026-04-13T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33071
published_at	2026-04-16T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33049
published_at	2026-04-18T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.3301
published_at	2026-04-21T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33152
published_at	2026-04-02T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33185
published_at	2026-04-04T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33015
published_at	2026-04-07T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33059
published_at	2026-04-08T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.3309
published_at	2026-04-09T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33092
published_at	2026-04-11T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33054
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-3115

reference_url

https://hackerone.com/reports/2417868

reference_id

2417868

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T18:33:42Z/

url

https://hackerone.com/reports/2417868

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/452548

reference_id

452548

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T18:33:42Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/452548

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-3115

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eukj-31bc-gygf

147

url VCID-ezke-u972-xuc1

vulnerability_id VCID-ezke-u972-xuc1

summary An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18456

reference_id

reference_type

scores

value	0.00086
scoring_system	epss
scoring_elements	0.24916
published_at	2026-04-01T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.24995
published_at	2026-04-02T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.25036
published_at	2026-04-04T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.24809
published_at	2026-04-07T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.24877
published_at	2026-04-08T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.24922
published_at	2026-04-09T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.24937
published_at	2026-04-11T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.24898
published_at	2026-04-12T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.24844
published_at	2026-04-13T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.24855
published_at	2026-04-16T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.24849
published_at	2026-04-18T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.24826
published_at	2026-04-21T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.2477
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18456

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-18456

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ezke-u972-xuc1

148

url VCID-ezuk-qknb-tucz

vulnerability_id VCID-ezuk-qknb-tucz

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1516

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.05048
published_at	2026-04-09T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05028
published_at	2026-04-11T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.0501
published_at	2026-04-12T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04991
published_at	2026-04-13T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13533
published_at	2026-04-18T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13607
published_at	2026-04-21T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13617
published_at	2026-04-24T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13536
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1516

reference_url

https://hackerone.com/reports/3514461

reference_id

3514461

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:42:16Z/

url

https://hackerone.com/reports/3514461

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/587893

reference_id

587893

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:42:16Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/587893

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

reference_id

patch-release-gitlab-18-10-3-released

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:42:16Z/

url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1516

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ezuk-qknb-tucz

149

url VCID-f143-jv24-qqa8

vulnerability_id VCID-f143-jv24-qqa8

summary GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4580

reference_id

reference_type

scores

value	0.00068
scoring_system	epss
scoring_elements	0.20963
published_at	2026-04-01T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21117
published_at	2026-04-02T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21172
published_at	2026-04-04T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20886
published_at	2026-04-07T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20966
published_at	2026-04-08T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21027
published_at	2026-04-09T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21042
published_at	2026-04-11T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20998
published_at	2026-04-12T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20945
published_at	2026-04-13T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20934
published_at	2026-04-18T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20915
published_at	2026-04-21T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20785
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4580

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2013-4580

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f143-jv24-qqa8

150

url VCID-f5yv-akwg-cbe2

vulnerability_id VCID-f5yv-akwg-cbe2

summary A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3914

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.12779
published_at	2026-04-24T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12641
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12649
published_at	2026-04-18T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12761
published_at	2026-04-21T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12871
published_at	2026-04-02T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12922
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12725
published_at	2026-04-07T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12804
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12855
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12821
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12784
published_at	2026-04-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12738
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3914

reference_url

https://hackerone.com/reports/2040822

reference_id

2040822

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:49:27Z/

url

https://hackerone.com/reports/2040822

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/418115

reference_id

418115

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:49:27Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/418115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3914

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5yv-akwg-cbe2

151

url VCID-f72v-rymq-6qer

vulnerability_id VCID-f72v-rymq-6qer

summary GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7972

reference_id

reference_type

scores

value	0.00052
scoring_system	epss
scoring_elements	0.16149
published_at	2026-04-01T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16332
published_at	2026-04-02T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16393
published_at	2026-04-04T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16192
published_at	2026-04-07T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16277
published_at	2026-04-08T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16341
published_at	2026-04-09T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16323
published_at	2026-04-11T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16284
published_at	2026-04-12T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16216
published_at	2026-04-13T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16153
published_at	2026-04-16T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.1617
published_at	2026-04-18T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16208
published_at	2026-04-21T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16098
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7972

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-7972

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f72v-rymq-6qer

152

url VCID-fjaw-huga-rfft

vulnerability_id VCID-fjaw-huga-rfft

summary Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3291

reference_id

reference_type

scores

value	0.00446
scoring_system	epss
scoring_elements	0.63525
published_at	2026-04-24T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63513
published_at	2026-04-16T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.6352
published_at	2026-04-18T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63507
published_at	2026-04-21T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.6345
published_at	2026-04-02T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63476
published_at	2026-04-04T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63441
published_at	2026-04-07T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63493
published_at	2026-04-08T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.6351
published_at	2026-04-09T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63527
published_at	2026-04-11T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63512
published_at	2026-04-12T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63477
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3291

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/354299

reference_id

354299

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:42:20Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/354299

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.json

reference_id

CVE-2022-3291.json

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:42:20Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-3291

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fjaw-huga-rfft

153

url VCID-fkdm-5xnv-9qdk

vulnerability_id VCID-fkdm-5xnv-9qdk

summary An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15590

reference_id

reference_type

scores

value	0.00109
scoring_system	epss
scoring_elements	0.29227
published_at	2026-04-12T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29301
published_at	2026-04-02T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.2935
published_at	2026-04-04T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29162
published_at	2026-04-07T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29267
published_at	2026-04-09T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29273
published_at	2026-04-11T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29174
published_at	2026-04-13T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29201
published_at	2026-04-16T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29177
published_at	2026-04-18T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29128
published_at	2026-04-21T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29008
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15590

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-15590

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fkdm-5xnv-9qdk

154

url VCID-fmf9-nugf-ubg3

vulnerability_id VCID-fmf9-nugf-ubg3

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11340

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01545
published_at	2026-04-24T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01538
published_at	2026-04-21T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01442
published_at	2026-04-02T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01445
published_at	2026-04-04T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01451
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01456
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01458
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01453
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01446
published_at	2026-04-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01447
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01436
published_at	2026-04-16T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.0145
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11340

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/567847

reference_id

567847

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-09T13:42:36Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/567847

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/

reference_id

patch-release-gitlab-18-4-2-released

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-09T13:42:36Z/

url

https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-11340

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmf9-nugf-ubg3

155

url VCID-fmwb-v7jb-4uh9

vulnerability_id VCID-fmwb-v7jb-4uh9

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-4363

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.02857
published_at	2026-04-24T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02863
published_at	2026-04-21T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02763
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02777
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02784
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02788
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02808
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02779
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0276
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02756
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0274
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02752
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4363

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/578561

reference_id

578561

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:57:30Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/578561

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

reference_id

patch-release-gitlab-18-10-1-released

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:57:30Z/

url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-4363

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmwb-v7jb-4uh9

156

url VCID-fp39-354q-43ga

vulnerability_id VCID-fp39-354q-43ga

summary Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19086

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14357
published_at	2026-04-01T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14443
published_at	2026-04-02T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14512
published_at	2026-04-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1432
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14402
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14457
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14406
published_at	2026-04-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14369
published_at	2026-04-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14313
published_at	2026-04-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14203
published_at	2026-04-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14201
published_at	2026-04-18T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14273
published_at	2026-04-21T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14299
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19086

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19086

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fp39-354q-43ga

157

url VCID-ftgc-s9ka-gkek

vulnerability_id VCID-ftgc-s9ka-gkek

summary Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2045

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09065
published_at	2026-04-16T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09248
published_at	2026-04-24T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09201
published_at	2026-04-21T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09045
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11924
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11905
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11866
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11839
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11894
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11971
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11759
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11842
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2045

reference_url

https://hackerone.com/reports/2921111

reference_id

2921111

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T16:07:06Z/

url

https://hackerone.com/reports/2921111

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/512050

reference_id

512050

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T16:07:06Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/512050

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-2045

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftgc-s9ka-gkek

158

url VCID-fx2p-77ja-v3ex

vulnerability_id VCID-fx2p-77ja-v3ex

summary GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1752

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01088
published_at	2026-04-24T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01101
published_at	2026-04-11T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01095
published_at	2026-04-12T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01096
published_at	2026-04-13T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01089
published_at	2026-04-21T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01118
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01581
published_at	2026-04-16T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01594
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1752

reference_url

https://hackerone.com/reports/3533545

reference_id

3533545

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:58:34Z/

url

https://hackerone.com/reports/3533545

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/588413

reference_id

588413

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:58:34Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/588413

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

reference_id

patch-release-gitlab-18-10-3-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:58:34Z/

url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1752

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fx2p-77ja-v3ex

159

url VCID-fxwa-n6xh-syg7

vulnerability_id VCID-fxwa-n6xh-syg7

summary An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1042

reference_id

reference_type

scores

value	0.00028
scoring_system	epss
scoring_elements	0.07823
published_at	2026-04-24T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.0774
published_at	2026-04-16T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07714
published_at	2026-04-18T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07866
published_at	2026-04-21T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07781
published_at	2026-04-02T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07827
published_at	2026-04-04T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07784
published_at	2026-04-07T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07841
published_at	2026-04-08T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07861
published_at	2026-04-09T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07852
published_at	2026-04-11T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07839
published_at	2026-04-12T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07825
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1042

reference_url

https://hackerone.com/reports/2886976

reference_id

2886976

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T15:12:21Z/

url

https://hackerone.com/reports/2886976

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/50849943

reference_id

50849943

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T15:12:21Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/50849943

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-1042

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxwa-n6xh-syg7

160

url VCID-fzcz-yzq3-kfbc

vulnerability_id VCID-fzcz-yzq3-kfbc

summary An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4597

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05774
published_at	2026-04-24T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05584
published_at	2026-04-18T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05742
published_at	2026-04-21T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05563
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.056
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05597
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05635
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05661
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05633
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05624
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05618
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0557
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4597

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/438686

reference_id

438686

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:33:41Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/438686

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-4597

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fzcz-yzq3-kfbc

161

url VCID-g66c-1xkw-syhr

vulnerability_id VCID-g66c-1xkw-syhr

summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1783

reference_id

reference_type

scores

value	0.0047
scoring_system	epss
scoring_elements	0.64493
published_at	2026-04-01T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64546
published_at	2026-04-02T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64575
published_at	2026-04-04T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64533
published_at	2026-04-07T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64581
published_at	2026-04-08T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64597
published_at	2026-04-09T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64614
published_at	2026-04-11T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64602
published_at	2026-04-12T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64573
published_at	2026-04-13T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64608
published_at	2026-04-16T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.6462
published_at	2026-04-18T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64606
published_at	2026-04-21T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.64625
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1783

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-1783

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g66c-1xkw-syhr

162

url VCID-g81j-6bnt-dfcg

vulnerability_id VCID-g81j-6bnt-dfcg

summary An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8640

reference_id

reference_type

scores

value	0.0018
scoring_system	epss
scoring_elements	0.3937
published_at	2026-04-24T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39611
published_at	2026-04-13T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39662
published_at	2026-04-16T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39633
published_at	2026-04-18T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.3955
published_at	2026-04-21T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39646
published_at	2026-04-02T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39668
published_at	2026-04-04T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39585
published_at	2026-04-07T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.3964
published_at	2026-04-08T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39654
published_at	2026-04-09T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39663
published_at	2026-04-11T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39627
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8640

reference_url

https://hackerone.com/reports/2687770

reference_id

2687770

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:29:55Z/

url

https://hackerone.com/reports/2687770

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/486213

reference_id

486213

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:29:55Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/486213

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-8640

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g81j-6bnt-dfcg

163

url VCID-gcjp-uj87-27au

vulnerability_id VCID-gcjp-uj87-27au

summary An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22182

reference_id

reference_type

scores

value	0.0014
scoring_system	epss
scoring_elements	0.33932
published_at	2026-04-01T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34271
published_at	2026-04-02T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34303
published_at	2026-04-04T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34167
published_at	2026-04-07T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.3421
published_at	2026-04-08T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34239
published_at	2026-04-11T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34198
published_at	2026-04-12T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34174
published_at	2026-04-13T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34207
published_at	2026-04-16T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34195
published_at	2026-04-18T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34158
published_at	2026-04-21T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.33786
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22182

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22182

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcjp-uj87-27au

164

url VCID-gfq6-n338-nudk

vulnerability_id VCID-gfq6-n338-nudk

summary An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-5470

reference_id

reference_type

scores

value	0.00053
scoring_system	epss
scoring_elements	0.16341
published_at	2026-04-24T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16451
published_at	2026-04-13T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16391
published_at	2026-04-16T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16411
published_at	2026-04-18T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16449
published_at	2026-04-21T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16567
published_at	2026-04-02T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16629
published_at	2026-04-04T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16428
published_at	2026-04-07T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16514
published_at	2026-04-08T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16568
published_at	2026-04-09T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16549
published_at	2026-04-11T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1651
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-5470

reference_url

https://hackerone.com/reports/2521480

reference_id

2521480

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-11T15:07:35Z/

url

https://hackerone.com/reports/2521480

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/464312

reference_id

464312

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-11T15:07:35Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/464312

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-5470

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfq6-n338-nudk

165

url VCID-gn5e-xkpz-u3d4

vulnerability_id VCID-gn5e-xkpz-u3d4

summary An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-12303

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04482
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04418
published_at	2026-04-16T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04449
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04467
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04402
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04429
published_at	2026-04-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0444
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04474
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0449
published_at	2026-04-09T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05255
published_at	2026-04-24T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05071
published_at	2026-04-18T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05221
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-12303

reference_url

https://hackerone.com/reports/2861889

reference_id

2861889

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T19:59:48Z/

url

https://hackerone.com/reports/2861889

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/508298

reference_id

508298

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T19:59:48Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/508298

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-12303

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gn5e-xkpz-u3d4

166

url VCID-gp7a-67bq-huey

vulnerability_id VCID-gp7a-67bq-huey

summary Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13262

reference_id

reference_type

scores

value	0.0021
scoring_system	epss
scoring_elements	0.43322
published_at	2026-04-01T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43383
published_at	2026-04-02T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43411
published_at	2026-04-04T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43349
published_at	2026-04-07T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43399
published_at	2026-04-08T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43414
published_at	2026-04-09T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43433
published_at	2026-04-11T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43401
published_at	2026-04-12T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43386
published_at	2026-04-13T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43445
published_at	2026-04-16T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43434
published_at	2026-04-18T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43368
published_at	2026-04-21T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43299
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13262

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13262

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gp7a-67bq-huey

167

url VCID-gsjb-8dh6-kbdc

vulnerability_id VCID-gsjb-8dh6-kbdc

summary GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.

references

reference_url	https://about.gitlab.com/2017/07/22/gitlab-9-4-released/#security---add-ldap-ssl-certificate-verification
reference_id
reference_type
scores
url	https://about.gitlab.com/2017/07/22/gitlab-9-4-released/#security---add-ldap-ssl-certificate-verification

reference_url	https://about.gitlab.com/2017/07/28/gitlab-9-dot-4-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2017/07/28/gitlab-9-dot-4-dot-2-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-17716

reference_id

reference_type

scores

value	0.00087
scoring_system	epss
scoring_elements	0.2494
published_at	2026-04-24T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25003
published_at	2026-04-21T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25104
published_at	2026-04-01T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25184
published_at	2026-04-02T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25226
published_at	2026-04-04T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24996
published_at	2026-04-07T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25064
published_at	2026-04-08T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25109
published_at	2026-04-09T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25124
published_at	2026-04-11T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25083
published_at	2026-04-12T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25029
published_at	2026-04-13T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25039
published_at	2026-04-16T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25031
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-17716

reference_url	https://gitlab.com/gitlab-org/gitlab-ce/issues/30420
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ce/issues/30420

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:9.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc1::::::
reference_id	cpe:2.3:a:gitlab:gitlab:9.4.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc2::::::
reference_id	cpe:2.3:a:gitlab:gitlab:9.4.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc3::::::
reference_id	cpe:2.3:a:gitlab:gitlab:9.4.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc4::::::
reference_id	cpe:2.3:a:gitlab:gitlab:9.4.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc5::::::
reference_id	cpe:2.3:a:gitlab:gitlab:9.4.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc6::::::
reference_id	cpe:2.3:a:gitlab:gitlab:9.4.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.1:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:9.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-17716

reference_id

CVE-2017-17716

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-17716

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2017-17716

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsjb-8dh6-kbdc

168

url VCID-gtke-br25-4fcn

vulnerability_id VCID-gtke-br25-4fcn

summary An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3115

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11221
published_at	2026-04-24T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11157
published_at	2026-04-16T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11159
published_at	2026-04-18T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11282
published_at	2026-04-21T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11366
published_at	2026-04-02T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11422
published_at	2026-04-04T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11214
published_at	2026-04-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11295
published_at	2026-04-13T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11349
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11356
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11322
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3115

reference_url

https://hackerone.com/reports/2004158

reference_id

2004158

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:12:41Z/

url

https://hackerone.com/reports/2004158

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/414367

reference_id

414367

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:12:41Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/414367

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3115

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gtke-br25-4fcn

169

url VCID-h1y2-hbx2-63gb

vulnerability_id VCID-h1y2-hbx2-63gb

summary GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.

references

reference_url	https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10535

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.37036
published_at	2026-04-24T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37259
published_at	2026-04-21T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37252
published_at	2026-04-01T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37417
published_at	2026-04-02T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37442
published_at	2026-04-04T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3727
published_at	2026-04-07T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37321
published_at	2026-04-08T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37333
published_at	2026-04-09T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37345
published_at	2026-04-11T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37311
published_at	2026-04-12T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37283
published_at	2026-04-13T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3733
published_at	2026-04-16T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37313
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10535

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10535

reference_id

CVE-2020-10535

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10535

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10535

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h1y2-hbx2-63gb

170

url VCID-h59w-6g9r-8uep

vulnerability_id VCID-h59w-6g9r-8uep

summary An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11865

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02671
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02785
published_at	2026-04-21T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02663
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02775
published_at	2026-04-24T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02962
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02986
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02953
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06155
published_at	2026-04-09T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06092
published_at	2026-04-04T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06075
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06116
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06064
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11865

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/561399

reference_id

561399

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:12:00Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/561399

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/

reference_id

patch-release-gitlab-18-5-2-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:12:00Z/

url

https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-11865

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h59w-6g9r-8uep

171

url VCID-hht6-1bs9-37d5

vulnerability_id VCID-hht6-1bs9-37d5

summary GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1725

reference_id

reference_type

scores

value	0.00048
scoring_system	epss
scoring_elements	0.14712
published_at	2026-04-24T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.1461
published_at	2026-04-16T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14619
published_at	2026-04-18T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14681
published_at	2026-04-21T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14822
published_at	2026-04-02T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14901
published_at	2026-04-04T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14702
published_at	2026-04-07T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14792
published_at	2026-04-08T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14852
published_at	2026-04-09T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.1481
published_at	2026-04-11T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14773
published_at	2026-04-12T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14716
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1725

reference_url

https://hackerone.com/reports/3519773

reference_id

3519773

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:42:17Z/

url

https://hackerone.com/reports/3519773

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/588338

reference_id

588338

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:42:17Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/588338

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

reference_id

patch-release-gitlab-18-9-1-released

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:42:17Z/

url

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1725

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hht6-1bs9-37d5

172

url VCID-hkue-hmp7-ckhn

vulnerability_id VCID-hkue-hmp7-ckhn

summary An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13349

reference_id

reference_type

scores

value	0.00166
scoring_system	epss
scoring_elements	0.37666
published_at	2026-04-01T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37848
published_at	2026-04-02T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37873
published_at	2026-04-04T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37751
published_at	2026-04-07T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37802
published_at	2026-04-08T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37814
published_at	2026-04-09T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37829
published_at	2026-04-11T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37793
published_at	2026-04-12T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37768
published_at	2026-04-13T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37816
published_at	2026-04-16T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37797
published_at	2026-04-18T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37736
published_at	2026-04-21T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37498
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13349

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13349

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkue-hmp7-ckhn

173

url VCID-hmtm-rq4z-w7gp

vulnerability_id VCID-hmtm-rq4z-w7gp

summary An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7110

reference_id

reference_type

scores

value	0.001
scoring_system	epss
scoring_elements	0.27607
published_at	2026-04-24T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27698
published_at	2026-04-18T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27659
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27867
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27908
published_at	2026-04-04T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.277
published_at	2026-04-07T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27767
published_at	2026-04-08T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27809
published_at	2026-04-09T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27815
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27774
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27716
published_at	2026-04-13T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27724
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7110

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/472603

reference_id

472603

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-22T17:32:38Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/472603

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-7110

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hmtm-rq4z-w7gp

174

url VCID-hnxc-wv6f-bbb4

vulnerability_id VCID-hnxc-wv6f-bbb4

summary An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5472

reference_id

reference_type

scores

value	0.00244
scoring_system	epss
scoring_elements	0.47615
published_at	2026-04-01T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47653
published_at	2026-04-02T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47674
published_at	2026-04-12T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47624
published_at	2026-04-07T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47679
published_at	2026-04-08T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47675
published_at	2026-04-09T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47698
published_at	2026-04-11T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47683
published_at	2026-04-13T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.4774
published_at	2026-04-16T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47732
published_at	2026-04-18T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47685
published_at	2026-04-21T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47666
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5472

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-5472

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnxc-wv6f-bbb4

175

url VCID-hs1h-p7zh-kqhr

vulnerability_id VCID-hs1h-p7zh-kqhr

summary An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-9164

reference_id

reference_type

scores

value	0.00221
scoring_system	epss
scoring_elements	0.44666
published_at	2026-04-24T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44771
published_at	2026-04-13T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44824
published_at	2026-04-16T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44817
published_at	2026-04-18T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44747
published_at	2026-04-21T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44769
published_at	2026-04-12T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.4479
published_at	2026-04-04T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44728
published_at	2026-04-07T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44782
published_at	2026-04-08T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44784
published_at	2026-04-09T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44801
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-9164

reference_url

https://hackerone.com/reports/2711204

reference_id

2711204

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-11T13:42:31Z/

url

https://hackerone.com/reports/2711204

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/493946

reference_id

493946

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-11T13:42:31Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/493946

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-9164

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hs1h-p7zh-kqhr

176

url VCID-hs2j-8gma-xbec

vulnerability_id VCID-hs2j-8gma-xbec

summary An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.

references

reference_url	https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15731

reference_id

reference_type

scores

value	0.00241
scoring_system	epss
scoring_elements	0.47373
published_at	2026-04-24T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47386
published_at	2026-04-21T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47319
published_at	2026-04-01T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47355
published_at	2026-04-02T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47376
published_at	2026-04-12T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47324
published_at	2026-04-07T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.4738
published_at	2026-04-08T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47377
published_at	2026-04-09T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47401
published_at	2026-04-11T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47383
published_at	2026-04-13T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47442
published_at	2026-04-16T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47435
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15731

reference_url	https://gitlab.com/gitlab-org/gitlab-ce/issues/60465
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ce/issues/60465

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-15731

reference_id

CVE-2019-15731

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-15731

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-15731

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hs2j-8gma-xbec

177

url VCID-hu7q-pzj6-t7c9

vulnerability_id VCID-hu7q-pzj6-t7c9

summary An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.

references

reference_url	https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15724

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.29935
published_at	2026-04-24T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30006
published_at	2026-04-21T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30148
published_at	2026-04-01T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30186
published_at	2026-04-02T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30234
published_at	2026-04-04T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30054
published_at	2026-04-07T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30114
published_at	2026-04-08T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3015
published_at	2026-04-09T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30153
published_at	2026-04-11T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3011
published_at	2026-04-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3006
published_at	2026-04-13T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30074
published_at	2026-04-16T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30052
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15724

reference_url	https://gitlab.com/gitlab-org/gitlab-ce/issues/60888
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ce/issues/60888

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-15724

reference_id

CVE-2019-15724

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-15724

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-15724

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hu7q-pzj6-t7c9

178

url VCID-hx4t-s3dj-xuc5

vulnerability_id VCID-hx4t-s3dj-xuc5

summary An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4660

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.18963
published_at	2026-04-24T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19094
published_at	2026-04-13T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19053
published_at	2026-04-16T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19065
published_at	2026-04-18T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19073
published_at	2026-04-21T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19287
published_at	2026-04-02T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.1934
published_at	2026-04-04T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19055
published_at	2026-04-07T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19135
published_at	2026-04-08T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19188
published_at	2026-04-09T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19195
published_at	2026-04-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19149
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4660

reference_url

https://hackerone.com/reports/2480126

reference_id

2480126

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:22:54Z/

url

https://hackerone.com/reports/2480126

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/460892

reference_id

460892

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:22:54Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/460892

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-4660

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hx4t-s3dj-xuc5

179

url VCID-j2jr-e1am-tfed

vulnerability_id VCID-j2jr-e1am-tfed

summary GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2995

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.19678
published_at	2026-04-24T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19768
published_at	2026-04-16T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19771
published_at	2026-04-18T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19783
published_at	2026-04-21T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19971
published_at	2026-04-02T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20029
published_at	2026-04-04T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19756
published_at	2026-04-07T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19836
published_at	2026-04-08T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19889
published_at	2026-04-09T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19897
published_at	2026-04-11T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19853
published_at	2026-04-12T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19796
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2995

reference_url

https://hackerone.com/reports/3564600

reference_id

3564600

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:35Z/

url

https://hackerone.com/reports/3564600

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/591065

reference_id

591065

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:35Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/591065

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

reference_id

patch-release-gitlab-18-10-1-released

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:35Z/

url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-2995

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j2jr-e1am-tfed

180

url VCID-j3h8-a8dz-nbc3

vulnerability_id VCID-j3h8-a8dz-nbc3

summary An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18649

reference_id

reference_type

scores

value	0.54969
scoring_system	epss
scoring_elements	0.98057
published_at	2026-04-24T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.98034
published_at	2026-04-01T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.9804
published_at	2026-04-02T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.98042
published_at	2026-04-04T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.98044
published_at	2026-04-07T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.98048
published_at	2026-04-08T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.98049
published_at	2026-04-09T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.98054
published_at	2026-04-11T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.98055
published_at	2026-04-13T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.98061
published_at	2026-04-16T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.98062
published_at	2026-04-18T12:55:00Z

value	0.54969
scoring_system	epss
scoring_elements	0.98058
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18649

reference_url	https://security.archlinux.org/ASA-201810-16
reference_id	ASA-201810-16
reference_type
scores
url	https://security.archlinux.org/ASA-201810-16

reference_url

reference_id

AVG-794

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13291

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-18649

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3h8-a8dz-nbc3

181

url VCID-j9jf-mxby-fyad

vulnerability_id VCID-j9jf-mxby-fyad

summary In GitLab before 13.2.3, project sharing could temporarily allow too permissive access.

references

reference_url

reference_id

reference_type

scores

value	0.00098
scoring_system	epss
scoring_elements	0.27082
published_at	2026-04-01T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27122
published_at	2026-04-02T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27159
published_at	2026-04-04T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.2695
published_at	2026-04-18T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27019
published_at	2026-04-08T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27064
published_at	2026-04-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27067
published_at	2026-04-11T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27023
published_at	2026-04-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26966
published_at	2026-04-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26975
published_at	2026-04-16T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26915
published_at	2026-04-21T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26867
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13291

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13291

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j9jf-mxby-fyad

182

url VCID-jdp6-cnqf-rqge

vulnerability_id VCID-jdp6-cnqf-rqge

summary Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1167

reference_id

reference_type

scores

value	0.00337
scoring_system	epss
scoring_elements	0.56491
published_at	2026-04-24T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56597
published_at	2026-04-11T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56572
published_at	2026-04-12T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56554
published_at	2026-04-13T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56585
published_at	2026-04-16T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56586
published_at	2026-04-18T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56556
published_at	2026-04-21T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56531
published_at	2026-04-07T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56582
published_at	2026-04-08T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56587
published_at	2026-04-09T12:55:00Z

value	0.00354
scoring_system	epss
scoring_elements	0.57731
published_at	2026-04-04T12:55:00Z

value	0.00354
scoring_system	epss
scoring_elements	0.57709
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1167

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/392715

reference_id

392715

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:52:39Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/392715

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1167.json

reference_id

CVE-2023-1167.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:52:39Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1167.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-1167

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdp6-cnqf-rqge

183

url VCID-jkdc-htqh-yfg2

vulnerability_id VCID-jkdc-htqh-yfg2

summary An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16048

reference_id

reference_type

scores

value	0.00098
scoring_system	epss
scoring_elements	0.27113
published_at	2026-04-01T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27154
published_at	2026-04-02T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27191
published_at	2026-04-04T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26983
published_at	2026-04-18T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27052
published_at	2026-04-08T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27097
published_at	2026-04-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.271
published_at	2026-04-11T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27056
published_at	2026-04-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26999
published_at	2026-04-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27009
published_at	2026-04-16T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26947
published_at	2026-04-21T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26898
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16048

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-16048

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkdc-htqh-yfg2

184

url VCID-jpd6-w5ks-tbhs

vulnerability_id VCID-jpd6-w5ks-tbhs

summary Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3293

reference_id

reference_type

scores

value	0.00096
scoring_system	epss
scoring_elements	0.26519
published_at	2026-04-24T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26644
published_at	2026-04-16T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26615
published_at	2026-04-18T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26577
published_at	2026-04-21T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26792
published_at	2026-04-02T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26832
published_at	2026-04-04T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26616
published_at	2026-04-07T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26684
published_at	2026-04-08T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26734
published_at	2026-04-09T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26738
published_at	2026-04-11T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26694
published_at	2026-04-12T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26637
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3293

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/369008

reference_id

369008

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:39:21Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/369008

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json

reference_id

CVE-2022-3293.json

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:39:21Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-3293

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jpd6-w5ks-tbhs

185

url VCID-jqfm-2td2-5uhn

vulnerability_id VCID-jqfm-2td2-5uhn

summary An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7353

reference_id

reference_type

scores

value	0.00142
scoring_system	epss
scoring_elements	0.34136
published_at	2026-04-01T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34475
published_at	2026-04-02T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34502
published_at	2026-04-04T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.3437
published_at	2026-04-07T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34412
published_at	2026-04-08T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34441
published_at	2026-04-09T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34444
published_at	2026-04-11T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34405
published_at	2026-04-12T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34381
published_at	2026-04-13T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34415
published_at	2026-04-16T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34402
published_at	2026-04-18T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34361
published_at	2026-04-21T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.33989
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7353

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-7353

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqfm-2td2-5uhn

186

url VCID-jtrx-66ft-qug2

vulnerability_id VCID-jtrx-66ft-qug2

summary An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-3127

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06395
published_at	2026-04-24T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06272
published_at	2026-04-12T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06261
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06232
published_at	2026-04-18T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06381
published_at	2026-04-21T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06189
published_at	2026-04-02T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0622
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06201
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06244
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06285
published_at	2026-04-09T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06276
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-3127

reference_url

https://hackerone.com/reports/2395169

reference_id

2395169

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T16:35:21Z/

url

https://hackerone.com/reports/2395169

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/452640

reference_id

452640

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T16:35:21Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/452640

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-3127

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jtrx-66ft-qug2

187

url VCID-jveu-pq8w-eyc1

vulnerability_id VCID-jveu-pq8w-eyc1

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1724

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.06887
published_at	2026-04-24T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06832
published_at	2026-04-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06826
published_at	2026-04-13T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06767
published_at	2026-04-16T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06759
published_at	2026-04-18T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06903
published_at	2026-04-21T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.0676
published_at	2026-04-04T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06745
published_at	2026-04-07T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06796
published_at	2026-04-08T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06835
published_at	2026-04-09T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06839
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0721
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1724

reference_url

https://hackerone.com/reports/3531412

reference_id

3531412

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:59:08Z/

url

https://hackerone.com/reports/3531412

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/588334

reference_id

588334

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:59:08Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/588334

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

reference_id

patch-release-gitlab-18-10-1-released

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:59:08Z/

url

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1724

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jveu-pq8w-eyc1

188

url VCID-jxdj-djgu-f3f5

vulnerability_id VCID-jxdj-djgu-f3f5

summary A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3102

reference_id

reference_type

scores

value	0.0037
scoring_system	epss
scoring_elements	0.58846
published_at	2026-04-02T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58868
published_at	2026-04-04T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58836
published_at	2026-04-07T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58889
published_at	2026-04-08T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58895
published_at	2026-04-12T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58912
published_at	2026-04-11T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58875
published_at	2026-04-13T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64327
published_at	2026-04-16T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64338
published_at	2026-04-18T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64328
published_at	2026-04-21T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64348
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3102

reference_url

https://hackerone.com/reports/2012073

reference_id

2012073

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:25:32Z/

url

https://hackerone.com/reports/2012073

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/414269

reference_id

414269

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:25:32Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/414269

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3102

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxdj-djgu-f3f5

189

url VCID-jzgz-q5qu-z3g5

vulnerability_id VCID-jzgz-q5qu-z3g5

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14592

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03189
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03231
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03185
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03158
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03143
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03116
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03123
published_at	2026-04-18T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03199
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03201
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03205
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03577
published_at	2026-04-24T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0357
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14592

reference_url

https://hackerone.com/reports/3451435

reference_id

3451435

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:57Z/

url

https://hackerone.com/reports/3451435

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/583961

reference_id

583961

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:57Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/583961

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:57Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-14592

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzgz-q5qu-z3g5

190

url VCID-k1s1-es3u-h7dw

vulnerability_id VCID-k1s1-es3u-h7dw

summary Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19087

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14357
published_at	2026-04-01T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14443
published_at	2026-04-02T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14512
published_at	2026-04-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1432
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14402
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14457
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14406
published_at	2026-04-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14369
published_at	2026-04-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14313
published_at	2026-04-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14203
published_at	2026-04-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14201
published_at	2026-04-18T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14273
published_at	2026-04-21T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14299
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19087

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19087

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1s1-es3u-h7dw

191

url VCID-kag4-sj3m-w7fe

vulnerability_id VCID-kag4-sj3m-w7fe

summary An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5474

reference_id

reference_type

scores

value	0.00166
scoring_system	epss
scoring_elements	0.37647
published_at	2026-04-01T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37829
published_at	2026-04-02T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37854
published_at	2026-04-04T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37732
published_at	2026-04-07T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37783
published_at	2026-04-08T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37796
published_at	2026-04-09T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.3781
published_at	2026-04-11T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37775
published_at	2026-04-12T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.3775
published_at	2026-04-13T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37798
published_at	2026-04-16T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37778
published_at	2026-04-18T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37718
published_at	2026-04-21T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.3748
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5474

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-5474

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kag4-sj3m-w7fe

192

url VCID-kaqy-p6z3-zub9

vulnerability_id VCID-kaqy-p6z3-zub9

summary An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6168

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05754
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05713
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06073
published_at	2026-04-24T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05923
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05888
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.059
published_at	2026-04-18T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06051
published_at	2026-04-21T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05882
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05921
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05959
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.0594
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05931
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6168

reference_url

https://hackerone.com/reports/3196745

reference_id

3196745

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:08:04Z/

url

https://hackerone.com/reports/3196745

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/549725

reference_id

549725

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:08:04Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/549725

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-6168

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kaqy-p6z3-zub9

193

url VCID-kbpk-h81g-g7dr

vulnerability_id VCID-kbpk-h81g-g7dr

summary An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22215

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42312
published_at	2026-04-24T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42371
published_at	2026-04-01T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42442
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42471
published_at	2026-04-04T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.4241
published_at	2026-04-07T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42461
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42468
published_at	2026-04-09T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.4249
published_at	2026-04-11T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42453
published_at	2026-04-12T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42423
published_at	2026-04-13T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42472
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42447
published_at	2026-04-18T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42376
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22215

reference_url

https://security.archlinux.org/AVG-2045

reference_id

AVG-2045

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2045

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22215

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kbpk-h81g-g7dr

194

url VCID-kdta-5zc6-zyf1

vulnerability_id VCID-kdta-5zc6-zyf1

summary An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1257

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22834
published_at	2026-04-21T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22671
published_at	2026-04-24T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23397
published_at	2026-04-09T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23378
published_at	2026-04-12T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23325
published_at	2026-04-13T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23342
published_at	2026-04-16T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23336
published_at	2026-04-18T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.2349
published_at	2026-04-04T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23274
published_at	2026-04-07T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23347
published_at	2026-04-08T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23452
published_at	2026-04-02T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23416
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1257

reference_url

https://hackerone.com/reports/2984218

reference_id

2984218

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:44:00Z/

url

https://hackerone.com/reports/2984218

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/519348

reference_id

519348

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:44:00Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/519348

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-1257

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdta-5zc6-zyf1

195

url VCID-kfs2-muqh-wqba

vulnerability_id VCID-kfs2-muqh-wqba

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13781

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01057
published_at	2026-04-24T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.00996
published_at	2026-04-13T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.0099
published_at	2026-04-16T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01056
published_at	2026-04-21T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01002
published_at	2026-04-02T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01004
published_at	2026-04-04T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01011
published_at	2026-04-07T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01016
published_at	2026-04-08T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01014
published_at	2026-04-09T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01
published_at	2026-04-18T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.00995
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13781

reference_url

https://hackerone.com/reports/3400940

reference_id

3400940

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:12:40Z/

url

https://hackerone.com/reports/3400940

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/578756

reference_id

578756

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:12:40Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/578756

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/

reference_id

patch-release-gitlab-18-7-1-released

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:12:40Z/

url

https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-13781

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfs2-muqh-wqba

196

url VCID-kh8b-dvkw-g3es

vulnerability_id VCID-kh8b-dvkw-g3es

summary An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.

references

reference_url	https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15732

reference_id

reference_type

scores

value	0.00264
scoring_system	epss
scoring_elements	0.49883
published_at	2026-04-24T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49897
published_at	2026-04-21T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49823
published_at	2026-04-01T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.4986
published_at	2026-04-02T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49888
published_at	2026-04-04T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49839
published_at	2026-04-07T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49894
published_at	2026-04-08T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49887
published_at	2026-04-09T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49905
published_at	2026-04-11T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49877
published_at	2026-04-12T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49879
published_at	2026-04-13T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49924
published_at	2026-04-16T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.49925
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15732

reference_url	https://gitlab.com/gitlab-org/gitlab-ce/issues/57015
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ce/issues/57015

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-15732

reference_id

CVE-2019-15732

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-15732

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-15732

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kh8b-dvkw-g3es

197

url VCID-knfs-y7wa-g7dh

vulnerability_id VCID-knfs-y7wa-g7dh

summary An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7296

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03907
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03918
published_at	2026-04-24T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05759
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0573
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05724
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05679
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0569
published_at	2026-04-18T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05661
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.057
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05693
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05733
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05737
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7296

reference_url

https://hackerone.com/reports/2602274

reference_id

2602274

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:43:26Z/

url

https://hackerone.com/reports/2602274

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/475056

reference_id

475056

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:43:26Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/475056

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-7296

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-knfs-y7wa-g7dh

198

url VCID-kqzh-fr6z-33bs

vulnerability_id VCID-kqzh-fr6z-33bs

summary An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4255

reference_id

reference_type

scores

value	0.00136
scoring_system	epss
scoring_elements	0.33183
published_at	2026-04-24T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33395
published_at	2026-04-16T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33371
published_at	2026-04-18T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33339
published_at	2026-04-21T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33469
published_at	2026-04-02T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33501
published_at	2026-04-04T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33342
published_at	2026-04-07T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33387
published_at	2026-04-08T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33421
published_at	2026-04-09T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33425
published_at	2026-04-11T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33384
published_at	2026-04-12T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33361
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4255

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/373819

reference_id

373819

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:16:57Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/373819

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json

reference_id

CVE-2022-4255.json

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:16:57Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-4255

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqzh-fr6z-33bs

199

url VCID-kr4u-4ydq-ckh5

vulnerability_id VCID-kr4u-4ydq-ckh5

summary An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-11669

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02373
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02358
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02377
published_at	2026-04-02T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02388
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02385
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02389
published_at	2026-04-08T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02409
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02386
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02374
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04914
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04733
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04877
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-11669

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/501528

reference_id

501528

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-26T20:01:16Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/501528

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-11669

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kr4u-4ydq-ckh5

200

url VCID-kss4-sva8-uffa

vulnerability_id VCID-kss4-sva8-uffa

summary GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19582

reference_id

reference_type

scores

value	0.00101
scoring_system	epss
scoring_elements	0.28003
published_at	2026-04-01T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.28075
published_at	2026-04-02T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.28117
published_at	2026-04-04T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27912
published_at	2026-04-07T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27979
published_at	2026-04-08T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.2802
published_at	2026-04-09T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.28023
published_at	2026-04-11T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.2798
published_at	2026-04-12T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27921
published_at	2026-04-13T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27932
published_at	2026-04-16T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27914
published_at	2026-04-18T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27872
published_at	2026-04-21T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27787
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19582

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-19582

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kss4-sva8-uffa

201

url VCID-kuqh-mbt8-qye9

vulnerability_id VCID-kuqh-mbt8-qye9

summary Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7316

reference_id

reference_type

scores

value	0.01306
scoring_system	epss
scoring_elements	0.79717
published_at	2026-04-01T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79724
published_at	2026-04-02T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79746
published_at	2026-04-04T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79731
published_at	2026-04-07T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.7976
published_at	2026-04-08T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79767
published_at	2026-04-09T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79788
published_at	2026-04-11T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79772
published_at	2026-04-12T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79765
published_at	2026-04-13T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79793
published_at	2026-04-16T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79794
published_at	2026-04-18T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79798
published_at	2026-04-21T12:55:00Z

value	0.01306
scoring_system	epss
scoring_elements	0.79827
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7316

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30329.sh
reference_id	CVE-2013-7316;OSVDB-102473
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30329.sh

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2013-7316

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kuqh-mbt8-qye9

202

url VCID-kv3d-2k6f-z3db

vulnerability_id VCID-kv3d-2k6f-z3db

summary An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8180

reference_id

reference_type

scores

value	0.02943
scoring_system	epss
scoring_elements	0.86386
published_at	2026-04-02T12:55:00Z

value	0.02943
scoring_system	epss
scoring_elements	0.86403
published_at	2026-04-04T12:55:00Z

value	0.03053
scoring_system	epss
scoring_elements	0.86714
published_at	2026-04-21T12:55:00Z

value	0.03053
scoring_system	epss
scoring_elements	0.86731
published_at	2026-04-24T12:55:00Z

value	0.03053
scoring_system	epss
scoring_elements	0.8672
published_at	2026-04-18T12:55:00Z

value	0.03944
scoring_system	epss
scoring_elements	0.88318
published_at	2026-04-07T12:55:00Z

value	0.03944
scoring_system	epss
scoring_elements	0.88338
published_at	2026-04-08T12:55:00Z

value	0.03944
scoring_system	epss
scoring_elements	0.88344
published_at	2026-04-09T12:55:00Z

value	0.03944
scoring_system	epss
scoring_elements	0.88355
published_at	2026-04-11T12:55:00Z

value	0.03944
scoring_system	epss
scoring_elements	0.88346
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8180

reference_url

https://hackerone.com/reports/2654010

reference_id

2654010

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:53:46Z/

url

https://hackerone.com/reports/2654010

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/480720

reference_id

480720

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:53:46Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/480720

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#html-injection-in-vulnerability-code-flow-could-lead-to-xss-on-self-hosted-instances

reference_id

#html-injection-in-vulnerability-code-flow-could-lead-to-xss-on-self-hosted-instances

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:53:46Z/

url

https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#html-injection-in-vulnerability-code-flow-could-lead-to-xss-on-self-hosted-instances

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-8180

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kv3d-2k6f-z3db

203

url VCID-kvfv-7g9n-ybhb

vulnerability_id VCID-kvfv-7g9n-ybhb

summary An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-6833

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.1908
published_at	2026-04-01T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19215
published_at	2026-04-02T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19267
published_at	2026-04-04T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18983
published_at	2026-04-07T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19062
published_at	2026-04-08T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19116
published_at	2026-04-09T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19122
published_at	2026-04-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19075
published_at	2026-04-12T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19023
published_at	2026-04-13T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18979
published_at	2026-04-16T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18991
published_at	2026-04-18T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18997
published_at	2026-04-21T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18889
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-6833

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-6833

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvfv-7g9n-ybhb

204

url VCID-m27b-sk6s-pbdv

vulnerability_id VCID-m27b-sk6s-pbdv

summary GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19584

reference_id

reference_type

scores

value	0.00199
scoring_system	epss
scoring_elements	0.41907
published_at	2026-04-21T12:55:00Z

value	0.00199
scoring_system	epss
scoring_elements	0.41969
published_at	2026-04-12T12:55:00Z

value	0.00199
scoring_system	epss
scoring_elements	0.41997
published_at	2026-04-04T12:55:00Z

value	0.00199
scoring_system	epss
scoring_elements	0.41923
published_at	2026-04-07T12:55:00Z

value	0.00199
scoring_system	epss
scoring_elements	0.41973
published_at	2026-04-08T12:55:00Z

value	0.00199
scoring_system	epss
scoring_elements	0.41985
published_at	2026-04-09T12:55:00Z

value	0.00199
scoring_system	epss
scoring_elements	0.42007
published_at	2026-04-11T12:55:00Z

value	0.00199
scoring_system	epss
scoring_elements	0.41955
published_at	2026-04-13T12:55:00Z

value	0.00199
scoring_system	epss
scoring_elements	0.42004
published_at	2026-04-16T12:55:00Z

value	0.00199
scoring_system	epss
scoring_elements	0.41977
published_at	2026-04-18T12:55:00Z

value	0.00199
scoring_system	epss
scoring_elements	0.41846
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19584

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-19584

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m27b-sk6s-pbdv

205

url VCID-m2ug-suua-jqbn

vulnerability_id VCID-m2ug-suua-jqbn

summary An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3484

reference_id

reference_type

scores

value	0.00107
scoring_system	epss
scoring_elements	0.28983
published_at	2026-04-02T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.29033
published_at	2026-04-04T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2884
published_at	2026-04-07T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28907
published_at	2026-04-08T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28948
published_at	2026-04-09T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28952
published_at	2026-04-11T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28909
published_at	2026-04-12T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28859
published_at	2026-04-13T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33022
published_at	2026-04-16T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32999
published_at	2026-04-18T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32962
published_at	2026-04-21T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32816
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3484

reference_url

https://hackerone.com/reports/2035687

reference_id

2035687

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-24T18:14:49Z/

url

https://hackerone.com/reports/2035687

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/416773

reference_id

416773

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-24T18:14:49Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/416773

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3484

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ug-suua-jqbn

206

url VCID-m5dj-vp9f-9kgu

vulnerability_id VCID-m5dj-vp9f-9kgu

summary An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2743

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.1177
published_at	2026-04-24T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11821
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11686
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11685
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11802
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11907
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11953
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11741
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11824
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11876
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11887
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11849
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2743

reference_url

https://hackerone.com/reports/2411756

reference_id

2411756

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:21:58Z/

url

https://hackerone.com/reports/2411756

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/451014

reference_id

451014

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:21:58Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/451014

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-2743

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5dj-vp9f-9kgu

207

url VCID-m65e-u5fc-2qch

vulnerability_id VCID-m65e-u5fc-2qch

summary GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19256

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22526
published_at	2026-04-01T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22698
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22743
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22531
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22662
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2268
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22639
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22583
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22598
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22594
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22544
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22393
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19256

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19256

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m65e-u5fc-2qch

208

url VCID-m6xk-sttj-tfh3

vulnerability_id VCID-m6xk-sttj-tfh3

summary In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.

references

reference_url	https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/

reference_url	https://about.gitlab.com/releases/categories/releases/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/categories/releases/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10953

reference_id

reference_type

scores

value	0.00102
scoring_system	epss
scoring_elements	0.27873
published_at	2026-04-24T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27956
published_at	2026-04-21T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28085
published_at	2026-04-01T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28158
published_at	2026-04-02T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28201
published_at	2026-04-04T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27996
published_at	2026-04-07T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28063
published_at	2026-04-08T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28106
published_at	2026-04-09T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28113
published_at	2026-04-11T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.2807
published_at	2026-04-12T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28013
published_at	2026-04-13T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28021
published_at	2026-04-16T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28005
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10953

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10953

reference_id

CVE-2020-10953

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10953

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10953

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6xk-sttj-tfh3

209

url VCID-m7xu-jxu6-nbh4

vulnerability_id VCID-m7xu-jxu6-nbh4

summary An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2).

references

reference_url	https://about.gitlab.com/blog/categories/releases/
reference_id
reference_type
scores
url	https://about.gitlab.com/blog/categories/releases/

reference_url	https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13004

reference_id

reference_type

scores

value	0.00158
scoring_system	epss
scoring_elements	0.36321
published_at	2026-04-24T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36545
published_at	2026-04-21T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36516
published_at	2026-04-01T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36688
published_at	2026-04-02T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.3672
published_at	2026-04-04T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36558
published_at	2026-04-07T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36609
published_at	2026-04-08T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36628
published_at	2026-04-09T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36635
published_at	2026-04-11T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36601
published_at	2026-04-12T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36577
published_at	2026-04-13T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36623
published_at	2026-04-16T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36606
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13004

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-13004

reference_id

CVE-2019-13004

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13004

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-13004

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7xu-jxu6-nbh4

210

url VCID-mjvv-ykfw-m3h8

vulnerability_id VCID-mjvv-ykfw-m3h8

summary An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2182

reference_id

reference_type

scores

value	0.00401
scoring_system	epss
scoring_elements	0.60765
published_at	2026-04-24T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60745
published_at	2026-04-13T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60787
published_at	2026-04-16T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60792
published_at	2026-04-18T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60694
published_at	2026-04-02T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60723
published_at	2026-04-04T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60689
published_at	2026-04-07T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60737
published_at	2026-04-08T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60753
published_at	2026-04-09T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60777
published_at	2026-04-21T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60764
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2182

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/403012

reference_id

403012

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:50:39Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/403012

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2182.json

reference_id

CVE-2023-2182.json

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:50:39Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2182.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-2182

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mjvv-ykfw-m3h8

211

url VCID-mrh6-g3dm-wygr

vulnerability_id VCID-mrh6-g3dm-wygr

summary An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8402

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.1372
published_at	2026-04-21T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13732
published_at	2026-04-24T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.251
published_at	2026-04-09T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25074
published_at	2026-04-12T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25019
published_at	2026-04-13T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25028
published_at	2026-04-16T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.2502
published_at	2026-04-18T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25175
published_at	2026-04-02T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25216
published_at	2026-04-04T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24987
published_at	2026-04-07T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25055
published_at	2026-04-08T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25114
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8402

reference_url

https://hackerone.com/reports/2601569

reference_id

2601569

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-13T19:38:50Z/

url

https://hackerone.com/reports/2601569

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/482813

reference_id

482813

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-13T19:38:50Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/482813

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-8402

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mrh6-g3dm-wygr

212

url VCID-murb-w75s-fuc7

vulnerability_id VCID-murb-w75s-fuc7

summary An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3950

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.14195
published_at	2026-04-24T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14088
published_at	2026-04-16T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14087
published_at	2026-04-18T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14162
published_at	2026-04-21T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14338
published_at	2026-04-02T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14403
published_at	2026-04-04T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14209
published_at	2026-04-07T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14292
published_at	2026-04-11T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14346
published_at	2026-04-09T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14253
published_at	2026-04-12T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14198
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3950

reference_url

https://hackerone.com/reports/2079154

reference_id

2079154

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:26:30Z/

url

https://hackerone.com/reports/2079154

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/419675

reference_id

419675

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:26:30Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/419675

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3950

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-murb-w75s-fuc7

213

url VCID-mv6y-2tud-8fd3

vulnerability_id VCID-mv6y-2tud-8fd3

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-12073

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.01966
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0198
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01996
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01964
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0196
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0194
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01942
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01979
published_at	2026-04-11T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05185
published_at	2026-04-24T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05157
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-12073

reference_url

https://hackerone.com/reports/3314987

reference_id

3314987

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:41Z/

url

https://hackerone.com/reports/3314987

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/578091

reference_id

578091

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:41Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/578091

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:41Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-12073

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mv6y-2tud-8fd3

214

url VCID-mwwz-cchk-xqef

vulnerability_id VCID-mwwz-cchk-xqef

summary The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18843

reference_id

reference_type

scores

value	0.0025
scoring_system	epss
scoring_elements	0.48383
published_at	2026-04-24T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.4833
published_at	2026-04-01T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48365
published_at	2026-04-02T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48386
published_at	2026-04-04T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48338
published_at	2026-04-07T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48393
published_at	2026-04-08T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48387
published_at	2026-04-09T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48411
published_at	2026-04-11T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48385
published_at	2026-04-12T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48397
published_at	2026-04-21T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48448
published_at	2026-04-16T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48443
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18843

reference_url

reference_id

AVG-802

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1747

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-18843

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwwz-cchk-xqef

215

url VCID-mxr8-bvf9-3bgk

vulnerability_id VCID-mxr8-bvf9-3bgk

summary GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages.

references

reference_url

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01881
published_at	2026-04-24T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01809
published_at	2026-04-16T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01807
published_at	2026-04-18T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01888
published_at	2026-04-21T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01827
published_at	2026-04-02T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01838
published_at	2026-04-04T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.0184
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01844
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01858
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01845
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.0183
published_at	2026-04-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01825
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1747

reference_url

https://hackerone.com/reports/3533088

reference_id

3533088

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:38:24Z/

url

https://hackerone.com/reports/3533088

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/588385

reference_id

588385

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:38:24Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/588385

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

reference_id

patch-release-gitlab-18-9-1-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:38:24Z/

url

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1747

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxr8-bvf9-3bgk

216

url VCID-mxwg-91tm-p3ha

vulnerability_id VCID-mxwg-91tm-p3ha

summary Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22185

reference_id

reference_type

scores

value	0.0017
scoring_system	epss
scoring_elements	0.38002
published_at	2026-04-24T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38161
published_at	2026-04-01T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38298
published_at	2026-04-02T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38321
published_at	2026-04-04T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.3819
published_at	2026-04-07T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.3824
published_at	2026-04-08T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38248
published_at	2026-04-09T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38267
published_at	2026-04-11T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38231
published_at	2026-04-12T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38207
published_at	2026-04-13T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38254
published_at	2026-04-16T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38234
published_at	2026-04-18T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38166
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22185

reference_url

https://security.archlinux.org/AVG-1648

reference_id

AVG-1648

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1648

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22185

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxwg-91tm-p3ha

217

url VCID-n9ub-7759-k3av

vulnerability_id VCID-n9ub-7759-k3av

summary GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.

references

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10075

reference_id

reference_type

scores

value	0.001
scoring_system	epss
scoring_elements	0.27627
published_at	2026-04-24T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27679
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27836
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27887
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27928
published_at	2026-04-04T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27721
published_at	2026-04-07T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27789
published_at	2026-04-08T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27831
published_at	2026-04-09T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27795
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27738
published_at	2026-04-13T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27744
published_at	2026-04-16T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27719
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10075

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10075

reference_id

CVE-2020-10075

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10075

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10075

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9ub-7759-k3av

218

url VCID-nahr-4ht9-eqc4

vulnerability_id VCID-nahr-4ht9-eqc4

summary Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26406

reference_id

reference_type

scores

value	0.00269
scoring_system	epss
scoring_elements	0.50338
published_at	2026-04-01T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50393
published_at	2026-04-02T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50423
published_at	2026-04-04T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50375
published_at	2026-04-07T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50429
published_at	2026-04-08T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50422
published_at	2026-04-09T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50463
published_at	2026-04-11T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.5044
published_at	2026-04-12T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50425
published_at	2026-04-13T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50468
published_at	2026-04-16T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50472
published_at	2026-04-18T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50449
published_at	2026-04-21T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50394
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26406

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-26406

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nahr-4ht9-eqc4

219

url VCID-nd6x-k1j2-hbg7

vulnerability_id VCID-nd6x-k1j2-hbg7

summary An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4099

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22433
published_at	2026-04-24T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22623
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2264
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22636
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22588
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2274
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22784
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22574
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2265
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22701
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2272
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22681
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4099

reference_url

https://hackerone.com/reports/2459597

reference_id

2459597

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:48:40Z/

url

https://hackerone.com/reports/2459597

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/457798

reference_id

457798

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:48:40Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/457798

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-4099

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nd6x-k1j2-hbg7

220

url VCID-nm3h-6p78-skgt

vulnerability_id VCID-nm3h-6p78-skgt

summary An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18644

reference_id

reference_type

scores

value	0.00113
scoring_system	epss
scoring_elements	0.29702
published_at	2026-04-24T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29915
published_at	2026-04-01T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29958
published_at	2026-04-02T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.30006
published_at	2026-04-04T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29818
published_at	2026-04-07T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29881
published_at	2026-04-08T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29916
published_at	2026-04-09T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29922
published_at	2026-04-11T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29876
published_at	2026-04-12T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29827
published_at	2026-04-13T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29845
published_at	2026-04-16T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29825
published_at	2026-04-18T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29778
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18644

reference_url

reference_id

AVG-802

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2024-10925

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-18644

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nm3h-6p78-skgt

221

url VCID-ny29-g19v-2ydm

vulnerability_id VCID-ny29-g19v-2ydm

summary A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML

references

reference_url

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02462
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02802
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03685
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03688
published_at	2026-04-08T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04119
published_at	2026-04-24T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03985
published_at	2026-04-13T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03968
published_at	2026-04-16T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.0398
published_at	2026-04-18T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04105
published_at	2026-04-21T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05929
published_at	2026-04-12T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08581
published_at	2026-04-02T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08633
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-10925

reference_url

https://hackerone.com/reports/2818270

reference_id

2818270

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T12:03:27Z/

url

https://hackerone.com/reports/2818270

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/502857

reference_id

502857

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T12:03:27Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/502857

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-10925

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ny29-g19v-2ydm

222

url VCID-nz87-cedm-f7gb

vulnerability_id VCID-nz87-cedm-f7gb

summary GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.

references

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10083

reference_id

reference_type

scores

value	0.00053
scoring_system	epss
scoring_elements	0.16536
published_at	2026-04-24T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16635
published_at	2026-04-21T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16617
published_at	2026-04-01T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1679
published_at	2026-04-02T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16847
published_at	2026-04-04T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16632
published_at	2026-04-07T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16716
published_at	2026-04-08T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1677
published_at	2026-04-09T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1675
published_at	2026-04-11T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16707
published_at	2026-04-12T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16651
published_at	2026-04-13T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16588
published_at	2026-04-16T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16596
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10083

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10083

reference_id

CVE-2020-10083

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10083

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10083

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nz87-cedm-f7gb

223

url VCID-p14q-utts-57fn

vulnerability_id VCID-p14q-utts-57fn

summary A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22252

reference_id

reference_type

scores

value	0.00266
scoring_system	epss
scoring_elements	0.50053
published_at	2026-04-01T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50088
published_at	2026-04-02T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50115
published_at	2026-04-04T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50065
published_at	2026-04-07T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50119
published_at	2026-04-08T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50113
published_at	2026-04-09T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.5013
published_at	2026-04-11T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50103
published_at	2026-04-12T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.501
published_at	2026-04-13T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50145
published_at	2026-04-18T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50117
published_at	2026-04-21T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50104
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22252

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22252

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p14q-utts-57fn

224

url VCID-p16v-az7h-hfcv

vulnerability_id VCID-p16v-az7h-hfcv

summary An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups.

references

reference_url	https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6996

reference_id

reference_type

scores

value	0.00098
scoring_system	epss
scoring_elements	0.26756
published_at	2026-04-24T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26814
published_at	2026-04-21T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26986
published_at	2026-04-01T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27027
published_at	2026-04-02T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27064
published_at	2026-04-04T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26854
published_at	2026-04-07T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26923
published_at	2026-04-08T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.2697
published_at	2026-04-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26974
published_at	2026-04-11T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26929
published_at	2026-04-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26871
published_at	2026-04-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26882
published_at	2026-04-16T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26853
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6996

reference_url	https://gitlab.com/gitlab-org/gitlab-ee/issues/8187
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ee/issues/8187

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6996

reference_id

CVE-2019-6996

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6996

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-6996

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p16v-az7h-hfcv

225

url VCID-p1mg-gxy6-huhs

vulnerability_id VCID-p1mg-gxy6-huhs

summary GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.

references

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10073

reference_id

reference_type

scores

value	0.00107
scoring_system	epss
scoring_elements	0.28678
published_at	2026-04-24T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28789
published_at	2026-04-21T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28889
published_at	2026-04-01T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28964
published_at	2026-04-02T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.29014
published_at	2026-04-04T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2882
published_at	2026-04-07T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28888
published_at	2026-04-08T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28929
published_at	2026-04-09T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28933
published_at	2026-04-11T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2889
published_at	2026-04-12T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2884
published_at	2026-04-13T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28861
published_at	2026-04-16T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28838
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10073

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10073

reference_id

CVE-2020-10073

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10073

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10073

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1mg-gxy6-huhs

226

url VCID-p8tn-npna-z3dk

vulnerability_id VCID-p8tn-npna-z3dk

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by authenticating through OAuth providers.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-7736

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01434
published_at	2026-04-21T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01355
published_at	2026-04-18T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0134
published_at	2026-04-16T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01443
published_at	2026-04-24T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01493
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01486
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06228
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06248
published_at	2026-04-04T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06217
published_at	2026-04-02T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06272
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06313
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-7736

reference_url

https://hackerone.com/reports/3250156

reference_id

3250156

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:13:09Z/

url

https://hackerone.com/reports/3250156

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/556098

reference_id

556098

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:13:09Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/556098

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/

reference_id

patch-release-gitlab-18-5-2-released

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:13:09Z/

url

https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-7736

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p8tn-npna-z3dk

227

url VCID-pqxu-xqtk-9qg3

vulnerability_id VCID-pqxu-xqtk-9qg3

summary GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1080

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03341
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03388
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03346
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03318
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03297
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03273
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03283
published_at	2026-04-18T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03353
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03363
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03367
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04658
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04616
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1080

reference_url

https://hackerone.com/reports/3484568

reference_id

3484568

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:35:19Z/

url

https://hackerone.com/reports/3484568

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/586477

reference_id

586477

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:35:19Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/586477

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:35:19Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1080

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqxu-xqtk-9qg3

228

url VCID-psuk-hqte-gfb1

vulnerability_id VCID-psuk-hqte-gfb1

summary Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19088

reference_id

reference_type

scores

value	0.00102
scoring_system	epss
scoring_elements	0.28076
published_at	2026-04-01T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28148
published_at	2026-04-02T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28192
published_at	2026-04-04T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27987
published_at	2026-04-07T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28055
published_at	2026-04-08T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28097
published_at	2026-04-09T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28105
published_at	2026-04-11T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28062
published_at	2026-04-12T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28004
published_at	2026-04-13T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28012
published_at	2026-04-16T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27995
published_at	2026-04-18T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27946
published_at	2026-04-21T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27863
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19088

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19088

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-psuk-hqte-gfb1

229

url VCID-ptmj-qh5m-9qhy

vulnerability_id VCID-ptmj-qh5m-9qhy

summary An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4700

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00421
published_at	2026-04-24T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.0039
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00394
published_at	2026-04-18T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.0042
published_at	2026-04-21T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00411
published_at	2026-04-02T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.0041
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00403
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.004
published_at	2026-04-08T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00401
published_at	2026-04-11T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00398
published_at	2026-04-12T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00396
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4700

reference_url

https://hackerone.com/reports/2129826

reference_id

2129826

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:01:29Z/

url

https://hackerone.com/reports/2129826

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/421937

reference_id

421937

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:01:29Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/421937

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-4700

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ptmj-qh5m-9qhy

230

url VCID-pugs-22tq-pqhm

vulnerability_id VCID-pugs-22tq-pqhm

summary Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2235

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54128
published_at	2026-04-02T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54158
published_at	2026-04-04T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54134
published_at	2026-04-07T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54186
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54183
published_at	2026-04-24T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54233
published_at	2026-04-11T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54215
published_at	2026-04-12T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54194
published_at	2026-04-13T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54232
published_at	2026-04-16T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54236
published_at	2026-04-18T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54218
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2235

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-2235

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pugs-22tq-pqhm

231

url VCID-pusc-mrtk-vygq

vulnerability_id VCID-pusc-mrtk-vygq

summary A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1940

reference_id

reference_type

scores

value	0.00175
scoring_system	epss
scoring_elements	0.38856
published_at	2026-04-01T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38989
published_at	2026-04-02T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.39008
published_at	2026-04-04T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38939
published_at	2026-04-07T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38992
published_at	2026-04-08T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.39006
published_at	2026-04-09T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.39019
published_at	2026-04-11T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38982
published_at	2026-04-12T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38955
published_at	2026-04-13T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.39003
published_at	2026-04-16T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38983
published_at	2026-04-18T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38899
published_at	2026-04-21T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38736
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1940

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-1940

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pusc-mrtk-vygq

232

url VCID-pya3-sxre-quff

vulnerability_id VCID-pya3-sxre-quff

summary GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11989

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01227
published_at	2026-04-24T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01153
published_at	2026-04-13T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01142
published_at	2026-04-16T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01154
published_at	2026-04-18T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01223
published_at	2026-04-21T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01163
published_at	2026-04-07T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01169
published_at	2026-04-08T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.0117
published_at	2026-04-09T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01156
published_at	2026-04-11T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.0115
published_at	2026-04-12T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00845
published_at	2026-04-04T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00844
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11989

reference_url

https://gitlab.com/gitlab-org/security/gitlab/-/issues/1426

reference_id

1426

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:44:38Z/

url

https://gitlab.com/gitlab-org/security/gitlab/-/issues/1426

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

reference_id

patch-release-gitlab-18-5-1-released

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:44:38Z/

url

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-11989

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pya3-sxre-quff

233

url VCID-q17s-vtzg-rycn

vulnerability_id VCID-q17s-vtzg-rycn

summary GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace

references

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10084

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22393
published_at	2026-04-24T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22544
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22526
published_at	2026-04-01T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22698
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22743
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22531
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22662
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2268
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22639
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22583
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22598
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22594
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10084

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10084

reference_id

CVE-2020-10084

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10084

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10084

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q17s-vtzg-rycn

234

url VCID-q8sm-1nrb-wfej

vulnerability_id VCID-q8sm-1nrb-wfej

summary A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39885

reference_id

reference_type

scores

value	0.00217
scoring_system	epss
scoring_elements	0.44141
published_at	2026-04-24T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44179
published_at	2026-04-01T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44244
published_at	2026-04-02T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44267
published_at	2026-04-04T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.442
published_at	2026-04-07T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44251
published_at	2026-04-08T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44256
published_at	2026-04-09T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44274
published_at	2026-04-11T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44242
published_at	2026-04-13T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44301
published_at	2026-04-16T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44292
published_at	2026-04-18T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44219
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39885

reference_url

reference_id

AVG-2432

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6195

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-39885

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8sm-1nrb-wfej

235

url VCID-qbnp-1usq-cfa1

vulnerability_id VCID-qbnp-1usq-cfa1

summary GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions.

references

reference_url

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01099
published_at	2026-04-24T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0342
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03352
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03329
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03341
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03459
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03401
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03418
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03388
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03442
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03403
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03375
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6195

reference_url

https://hackerone.com/reports/3155693

reference_id

3155693

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:39:47Z/

url

https://hackerone.com/reports/3155693

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/549937

reference_id

549937

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:39:47Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/549937

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/

reference_id

patch-release-gitlab-18-6-1-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:39:47Z/

url

https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-6195

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbnp-1usq-cfa1

236

url VCID-qj66-stms-tke2

vulnerability_id VCID-qj66-stms-tke2

summary Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22244

reference_id

reference_type

scores

value	0.00145
scoring_system	epss
scoring_elements	0.34706
published_at	2026-04-01T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34914
published_at	2026-04-02T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.3494
published_at	2026-04-04T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34819
published_at	2026-04-07T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34864
published_at	2026-04-08T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34892
published_at	2026-04-09T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34896
published_at	2026-04-11T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34859
published_at	2026-04-12T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34835
published_at	2026-04-13T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34874
published_at	2026-04-16T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34858
published_at	2026-04-18T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34813
published_at	2026-04-21T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34578
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22244

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22244

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qj66-stms-tke2

237

url VCID-qk1z-mhk6-ayew

vulnerability_id VCID-qk1z-mhk6-ayew

summary The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

references

reference_url	https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-8540

reference_id

reference_type

scores

value	0.0032
scoring_system	epss
scoring_elements	0.55064
published_at	2026-04-24T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55128
published_at	2026-04-21T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.54981
published_at	2026-04-01T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55083
published_at	2026-04-07T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55107
published_at	2026-04-13T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55133
published_at	2026-04-09T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55145
published_at	2026-04-16T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55125
published_at	2026-04-12T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55149
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-8540

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/98449
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/98449

reference_url	https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd

reference_url	http://www.openwall.com/lists/oss-security/2014/10/31/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2014/10/31/2

reference_url	http://www.securityfocus.com/bid/70841
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/70841

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-8540

reference_id

CVE-2014-8540

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2014-8540

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2014-8540

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qk1z-mhk6-ayew

238

url VCID-qpzh-fahe-1fau

vulnerability_id VCID-qpzh-fahe-1fau

summary The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4490

reference_id

reference_type

scores

value	0.49784
scoring_system	epss
scoring_elements	0.97786
published_at	2026-04-01T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97793
published_at	2026-04-02T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97795
published_at	2026-04-04T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97798
published_at	2026-04-07T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97802
published_at	2026-04-08T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97805
published_at	2026-04-09T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97808
published_at	2026-04-11T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.9781
published_at	2026-04-12T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97811
published_at	2026-04-13T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97817
published_at	2026-04-16T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97819
published_at	2026-04-18T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97818
published_at	2026-04-21T12:55:00Z

value	0.49784
scoring_system	epss
scoring_elements	0.97816
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4490

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34362.rb
reference_id	CVE-2013-4490;OSVDB-99371
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34362.rb

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2013-4490

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpzh-fahe-1fau

239

url VCID-qsts-srv4-mkdj

vulnerability_id VCID-qsts-srv4-mkdj

summary An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4972

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05754
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05713
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06073
published_at	2026-04-24T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05923
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05888
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.059
published_at	2026-04-18T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06051
published_at	2026-04-21T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05882
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05921
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05959
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.0594
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05931
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4972

reference_url

https://hackerone.com/reports/3148693

reference_id

3148693

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:08:31Z/

url

https://hackerone.com/reports/3148693

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/543816

reference_id

543816

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:08:31Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/543816

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-4972

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qsts-srv4-mkdj

240

url VCID-qy5e-vcfg-57hw

vulnerability_id VCID-qy5e-vcfg-57hw

summary An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4912

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.19078
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1913
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18846
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18926
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18979
published_at	2026-04-09T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18987
published_at	2026-04-11T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18939
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18888
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18842
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18854
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18868
published_at	2026-04-21T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18757
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4912

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-4912

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy5e-vcfg-57hw

241

url VCID-r44u-cfuq-tugj

vulnerability_id VCID-r44u-cfuq-tugj

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON payloads.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-12571

reference_id

reference_type

scores

value	0.00096
scoring_system	epss
scoring_elements	0.26459
published_at	2026-04-24T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35845
published_at	2026-04-08T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35872
published_at	2026-04-11T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35831
published_at	2026-04-12T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35808
published_at	2026-04-13T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35847
published_at	2026-04-16T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35834
published_at	2026-04-18T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35785
published_at	2026-04-21T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35794
published_at	2026-04-07T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35867
published_at	2026-04-09T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38685
published_at	2026-04-04T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38661
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-12571

reference_url

https://hackerone.com/reports/3362239

reference_id

3362239

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:27Z/

url

https://hackerone.com/reports/3362239

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/579168

reference_id

579168

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:27Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/579168

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/

reference_id

patch-release-gitlab-18-6-1-released

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:27Z/

url

https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-12571

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r44u-cfuq-tugj

242

url VCID-r4xh-hudb-xqaa

vulnerability_id VCID-r4xh-hudb-xqaa

summary An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3906

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.48813
published_at	2026-04-02T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.4886
published_at	2026-04-11T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48834
published_at	2026-04-12T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48892
published_at	2026-04-16T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48888
published_at	2026-04-18T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48848
published_at	2026-04-21T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48838
published_at	2026-04-04T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48793
published_at	2026-04-07T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48847
published_at	2026-04-08T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48843
published_at	2026-04-13T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50733
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3906

reference_url

https://hackerone.com/reports/2071411

reference_id

2071411

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T14:28:00Z/

url

https://hackerone.com/reports/2071411

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/419213

reference_id

419213

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T14:28:00Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/419213

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3906

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4xh-hudb-xqaa

243

url VCID-r5g4-d645-vyb1

vulnerability_id VCID-r5g4-d645-vyb1

summary An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4092

reference_id

reference_type

scores

value	0.05051
scoring_system	epss
scoring_elements	0.89798
published_at	2026-04-24T12:55:00Z

value	0.05051
scoring_system	epss
scoring_elements	0.89781
published_at	2026-04-11T12:55:00Z

value	0.05051
scoring_system	epss
scoring_elements	0.89779
published_at	2026-04-12T12:55:00Z

value	0.05051
scoring_system	epss
scoring_elements	0.89772
published_at	2026-04-13T12:55:00Z

value	0.05051
scoring_system	epss
scoring_elements	0.89788
published_at	2026-04-18T12:55:00Z

value	0.05051
scoring_system	epss
scoring_elements	0.89783
published_at	2026-04-21T12:55:00Z

value	0.05051
scoring_system	epss
scoring_elements	0.89734
published_at	2026-04-02T12:55:00Z

value	0.05051
scoring_system	epss
scoring_elements	0.89749
published_at	2026-04-04T12:55:00Z

value	0.05051
scoring_system	epss
scoring_elements	0.8975
published_at	2026-04-07T12:55:00Z

value	0.05051
scoring_system	epss
scoring_elements	0.89768
published_at	2026-04-08T12:55:00Z

value	0.05051
scoring_system	epss
scoring_elements	0.89774
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4092

reference_url

https://hackerone.com/reports/1777934

reference_id

1777934

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T17:34:17Z/

url

https://hackerone.com/reports/1777934

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/383208

reference_id

383208

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T17:34:17Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/383208

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json

reference_id

CVE-2022-4092.json

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T17:34:17Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-4092

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r5g4-d645-vyb1

244

url VCID-r5t2-zc9j-1feq

vulnerability_id VCID-r5t2-zc9j-1feq

summary GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.

references

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10077

reference_id

reference_type

scores

value	0.00136
scoring_system	epss
scoring_elements	0.33226
published_at	2026-04-24T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.3338
published_at	2026-04-21T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33372
published_at	2026-04-01T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33509
published_at	2026-04-02T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33542
published_at	2026-04-04T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33382
published_at	2026-04-07T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33427
published_at	2026-04-08T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33461
published_at	2026-04-09T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33465
published_at	2026-04-11T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33423
published_at	2026-04-12T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33399
published_at	2026-04-13T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33436
published_at	2026-04-16T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33411
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10077

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10077

reference_id

CVE-2020-10077

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10077

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10077

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r5t2-zc9j-1feq

245

url VCID-r8w3-x3eq-pka3

vulnerability_id VCID-r8w3-x3eq-pka3

summary GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.

references

reference_url	https://about.gitlab.com/2017/02/15/gitlab-8-dot-16-dot-5-security-release/
reference_id
reference_type
scores
url	https://about.gitlab.com/2017/02/15/gitlab-8-dot-16-dot-5-security-release/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-8778

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22266
published_at	2026-04-24T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22418
published_at	2026-04-21T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22399
published_at	2026-04-01T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22566
published_at	2026-04-02T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-04T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22396
published_at	2026-04-07T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22477
published_at	2026-04-08T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22532
published_at	2026-04-09T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22551
published_at	2026-04-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.2251
published_at	2026-04-12T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22455
published_at	2026-04-13T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22471
published_at	2026-04-16T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22468
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-8778

reference_url	https://gitlab.com/gitlab-org/gitlab-ce/issues/27471
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ce/issues/27471

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.0:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.1:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.2:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.3:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.4:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.15.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.5:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.15.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.0:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.16.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.1:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.2:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.3:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.4:::::::*
reference_id	cpe:2.3:a:gitlab:gitlab:8.16.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-8778

reference_id

CVE-2017-8778

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-8778

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2017-8778

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8w3-x3eq-pka3

246

url VCID-r9hj-3rtr-kkea

vulnerability_id VCID-r9hj-3rtr-kkea

summary The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4546

reference_id

reference_type

scores

value	0.00219
scoring_system	epss
scoring_elements	0.44514
published_at	2026-04-01T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.4459
published_at	2026-04-02T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44611
published_at	2026-04-04T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44549
published_at	2026-04-07T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44599
published_at	2026-04-08T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44605
published_at	2026-04-09T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44621
published_at	2026-04-11T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44592
published_at	2026-04-12T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44593
published_at	2026-04-13T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44649
published_at	2026-04-16T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44642
published_at	2026-04-18T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44573
published_at	2026-04-21T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44487
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4546

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2013-4546

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9hj-3rtr-kkea

247

url VCID-r9sh-n914-kfhc

vulnerability_id VCID-r9sh-n914-kfhc

summary Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22248

reference_id

reference_type

scores

value	0.00219
scoring_system	epss
scoring_elements	0.44501
published_at	2026-04-01T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44577
published_at	2026-04-12T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44598
published_at	2026-04-04T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44535
published_at	2026-04-07T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44585
published_at	2026-04-08T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.4459
published_at	2026-04-09T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44606
published_at	2026-04-11T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44578
published_at	2026-04-13T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44634
published_at	2026-04-16T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44627
published_at	2026-04-18T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44557
published_at	2026-04-21T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.4447
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22248

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22248

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9sh-n914-kfhc

248

url VCID-rd3n-uts6-tkb5

vulnerability_id VCID-rd3n-uts6-tkb5

summary An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4278

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.12526
published_at	2026-04-24T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12496
published_at	2026-04-13T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12399
published_at	2026-04-16T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12403
published_at	2026-04-18T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12518
published_at	2026-04-21T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12625
published_at	2026-04-02T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12666
published_at	2026-04-04T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12479
published_at	2026-04-07T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12557
published_at	2026-04-08T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12608
published_at	2026-04-09T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12575
published_at	2026-04-11T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12535
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4278

reference_url

https://hackerone.com/reports/2466205

reference_id

2466205

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:39:52Z/

url

https://hackerone.com/reports/2466205

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/458484

reference_id

458484

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:39:52Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/458484

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-4278

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rd3n-uts6-tkb5

249

url VCID-rf6c-3v98-qub2

vulnerability_id VCID-rf6c-3v98-qub2

summary An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1948

reference_id

reference_type

scores

value	0.0134
scoring_system	epss
scoring_elements	0.79957
published_at	2026-04-01T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.79965
published_at	2026-04-02T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.79986
published_at	2026-04-04T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.79975
published_at	2026-04-07T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80003
published_at	2026-04-08T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80012
published_at	2026-04-09T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80032
published_at	2026-04-11T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80016
published_at	2026-04-12T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80008
published_at	2026-04-13T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80036
published_at	2026-04-18T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80038
published_at	2026-04-21T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80065
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1948

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-1948

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rf6c-3v98-qub2

250

url VCID-rfzk-kkg4-eqhs

vulnerability_id VCID-rfzk-kkg4-eqhs

summary GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9484

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01791
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01784
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01773
published_at	2026-04-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01771
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02719
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02731
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02843
published_at	2026-04-21T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02835
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9484

reference_url

https://hackerone.com/reports/3303810

reference_id

3303810

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:03:07Z/

url

https://hackerone.com/reports/3303810

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/565363

reference_id

565363

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:03:07Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/565363

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

reference_id

patch-release-gitlab-18-10-3-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:03:07Z/

url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-9484

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfzk-kkg4-eqhs

251

url VCID-rjdh-k6dk-5yc7

vulnerability_id VCID-rjdh-k6dk-5yc7

summary A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13273

reference_id

reference_type

scores

value	0.00192
scoring_system	epss
scoring_elements	0.41021
published_at	2026-04-01T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41104
published_at	2026-04-12T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41135
published_at	2026-04-04T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41061
published_at	2026-04-07T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.4111
published_at	2026-04-08T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41118
published_at	2026-04-09T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41138
published_at	2026-04-11T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41087
published_at	2026-04-13T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.4113
published_at	2026-04-16T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41101
published_at	2026-04-18T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41027
published_at	2026-04-21T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.40931
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13273

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13273

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rjdh-k6dk-5yc7

252

url VCID-rk8u-a815-fyg9

vulnerability_id VCID-rk8u-a815-fyg9

summary An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8977

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19396
published_at	2026-04-24T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.1952
published_at	2026-04-13T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19485
published_at	2026-04-16T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19494
published_at	2026-04-18T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19505
published_at	2026-04-21T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19717
published_at	2026-04-02T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19766
published_at	2026-04-04T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19491
published_at	2026-04-07T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19569
published_at	2026-04-08T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19622
published_at	2026-04-09T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19626
published_at	2026-04-11T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19578
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8977

reference_url

https://hackerone.com/reports/2697456

reference_id

2697456

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T13:53:25Z/

url

https://hackerone.com/reports/2697456

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/491060

reference_id

491060

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T13:53:25Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/491060

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-8977

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rk8u-a815-fyg9

253

url VCID-rkvt-edq1-xqf6

vulnerability_id VCID-rkvt-edq1-xqf6

summary An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5473

reference_id

reference_type

scores

value	0.00193
scoring_system	epss
scoring_elements	0.41096
published_at	2026-04-24T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41206
published_at	2026-04-21T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41185
published_at	2026-04-01T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41277
published_at	2026-04-02T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41306
published_at	2026-04-04T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.4123
published_at	2026-04-07T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41281
published_at	2026-04-08T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41288
published_at	2026-04-09T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.4131
published_at	2026-04-11T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41278
published_at	2026-04-12T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41265
published_at	2026-04-13T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41309
published_at	2026-04-16T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.4128
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5473

reference_url	https://gitlab.com/gitlab-org/gitlab-ee/issues/11643
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ee/issues/11643

reference_url	https://hackerone.com/reports/565883
reference_id
reference_type
scores
url	https://hackerone.com/reports/565883

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:12.0.4::::enterprise:::
reference_id	cpe:2.3:a:gitlab:gitlab:12.0.4::::enterprise:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:12.0.4::::enterprise:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:12.1.2::::enterprise:::
reference_id	cpe:2.3:a:gitlab:gitlab:12.1.2::::enterprise:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:12.1.2::::enterprise:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5473

reference_id

CVE-2019-5473

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5473

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-5473

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rkvt-edq1-xqf6

254

url VCID-rmgh-bkgf-ykfv

vulnerability_id VCID-rmgh-bkgf-ykfv

summary An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6797

reference_id

reference_type

scores

value	0.00127
scoring_system	epss
scoring_elements	0.32009
published_at	2026-04-01T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32136
published_at	2026-04-02T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32175
published_at	2026-04-04T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.31998
published_at	2026-04-07T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.3205
published_at	2026-04-08T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32079
published_at	2026-04-09T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32082
published_at	2026-04-11T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32044
published_at	2026-04-12T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32011
published_at	2026-04-13T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32045
published_at	2026-04-16T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32023
published_at	2026-04-18T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.31996
published_at	2026-04-21T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.31831
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6797

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-6797

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmgh-bkgf-ykfv

255

url VCID-s3y1-pgra-auab

vulnerability_id VCID-s3y1-pgra-auab

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-12575

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02707
published_at	2026-04-02T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02749
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02719
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02704
published_at	2026-04-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.027
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02681
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0269
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0272
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02726
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02729
published_at	2026-04-08T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03998
published_at	2026-04-24T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03986
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-12575

reference_url

https://hackerone.com/reports/3397752

reference_id

3397752

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:15:19Z/

url

https://hackerone.com/reports/3397752

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/579171

reference_id

579171

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:15:19Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/579171

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:15:19Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-12575

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3y1-pgra-auab

256

url VCID-sdac-wwd7-c7bt

vulnerability_id VCID-sdac-wwd7-c7bt

summary An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6736

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18389
published_at	2026-04-24T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18457
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18467
published_at	2026-04-18T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18488
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18709
published_at	2026-04-02T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18763
published_at	2026-04-04T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18479
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1856
published_at	2026-04-08T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18612
published_at	2026-04-09T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18614
published_at	2026-04-11T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18568
published_at	2026-04-12T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18515
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6736

reference_url

https://hackerone.com/reports/2269023

reference_id

2269023

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T17:28:36Z/

url

https://hackerone.com/reports/2269023

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/435036

reference_id

435036

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T17:28:36Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/435036

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-6736

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sdac-wwd7-c7bt

257

url VCID-sfmb-e2eg-6bh6

vulnerability_id VCID-sfmb-e2eg-6bh6

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0958

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10297
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10404
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10432
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10393
published_at	2026-04-12T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10372
published_at	2026-04-13T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10242
published_at	2026-04-16T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10213
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10364
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10265
published_at	2026-04-07T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10338
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10877
published_at	2026-04-24T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10918
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0958

reference_url

https://hackerone.com/reports/3463363

reference_id

3463363

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:19:34Z/

url

https://hackerone.com/reports/3463363

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/586202

reference_id

586202

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:19:34Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/586202

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:19:34Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-0958

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfmb-e2eg-6bh6

258

url VCID-sk4h-79hx-wuea

vulnerability_id VCID-sk4h-79hx-wuea

summary OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13272

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31932
published_at	2026-04-01T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.3206
published_at	2026-04-02T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.321
published_at	2026-04-04T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31923
published_at	2026-04-07T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31974
published_at	2026-04-08T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32003
published_at	2026-04-09T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32006
published_at	2026-04-11T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31967
published_at	2026-04-16T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31933
published_at	2026-04-13T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31945
published_at	2026-04-18T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31919
published_at	2026-04-21T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31749
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13272

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13272

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sk4h-79hx-wuea

259

url VCID-ss26-fdeq-hkc4

vulnerability_id VCID-ss26-fdeq-hkc4

summary An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20142

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.28503
published_at	2026-04-01T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28589
published_at	2026-04-02T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28632
published_at	2026-04-04T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28434
published_at	2026-04-07T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28502
published_at	2026-04-08T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28542
published_at	2026-04-09T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28543
published_at	2026-04-11T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28501
published_at	2026-04-12T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28451
published_at	2026-04-13T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28467
published_at	2026-04-16T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28444
published_at	2026-04-18T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28394
published_at	2026-04-21T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.2828
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20142

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-20142

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ss26-fdeq-hkc4

260

url VCID-sscz-y8wj-pyah

vulnerability_id VCID-sscz-y8wj-pyah

summary A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13268

reference_id

reference_type

scores

value	0.00118
scoring_system	epss
scoring_elements	0.30678
published_at	2026-04-01T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.3081
published_at	2026-04-02T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30857
published_at	2026-04-04T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30676
published_at	2026-04-07T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30735
published_at	2026-04-08T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30767
published_at	2026-04-09T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.3077
published_at	2026-04-11T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30726
published_at	2026-04-12T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30681
published_at	2026-04-13T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30705
published_at	2026-04-16T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30687
published_at	2026-04-18T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30654
published_at	2026-04-21T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30477
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13268

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13268

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sscz-y8wj-pyah

261

url VCID-sueq-u9x4-27hh

vulnerability_id VCID-sueq-u9x4-27hh

summary An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-3303

reference_id

reference_type

scores

value	0.00141
scoring_system	epss
scoring_elements	0.33867
published_at	2026-04-24T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34272
published_at	2026-04-18T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34249
published_at	2026-04-13T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34285
published_at	2026-04-16T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34236
published_at	2026-04-21T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34349
published_at	2026-04-02T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34376
published_at	2026-04-04T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.3424
published_at	2026-04-07T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34283
published_at	2026-04-08T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34312
published_at	2026-04-09T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34313
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-3303

reference_url

https://hackerone.com/reports/2418620

reference_id

2418620

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:35:39Z/

url

https://hackerone.com/reports/2418620

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/454460

reference_id

454460

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:35:39Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/454460

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-3303

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sueq-u9x4-27hh

262

url VCID-szgt-ynh2-xfgf

vulnerability_id VCID-szgt-ynh2-xfgf

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0723

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01528
published_at	2026-04-24T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01417
published_at	2026-04-16T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01431
published_at	2026-04-18T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01519
published_at	2026-04-21T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01426
published_at	2026-04-02T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0143
published_at	2026-04-04T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01435
published_at	2026-04-07T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0144
published_at	2026-04-08T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01441
published_at	2026-04-09T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01433
published_at	2026-04-11T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01425
published_at	2026-04-12T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01427
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0723

reference_url

https://hackerone.com/reports/3476052

reference_id

3476052

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T04:55:20Z/

url

https://hackerone.com/reports/3476052

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/585333

reference_id

585333

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T04:55:20Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/585333

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/

reference_id

patch-release-gitlab-18-8-2-released

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T04:55:20Z/

url

https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-0723

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-szgt-ynh2-xfgf

263

url VCID-szky-dm8n-qfdv

vulnerability_id VCID-szky-dm8n-qfdv

summary For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13285

reference_id

reference_type

scores

value	0.00131
scoring_system	epss
scoring_elements	0.32512
published_at	2026-04-01T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32656
published_at	2026-04-02T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32692
published_at	2026-04-04T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32515
published_at	2026-04-07T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32562
published_at	2026-04-08T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32588
published_at	2026-04-09T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.3259
published_at	2026-04-11T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32553
published_at	2026-04-12T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32525
published_at	2026-04-13T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32561
published_at	2026-04-16T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.3254
published_at	2026-04-18T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32507
published_at	2026-04-21T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32342
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13285

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13285

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-szky-dm8n-qfdv

264

url VCID-t65w-w89v-zkfw

vulnerability_id VCID-t65w-w89v-zkfw

summary GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7967

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14357
published_at	2026-04-01T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14443
published_at	2026-04-02T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14512
published_at	2026-04-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1432
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14402
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14457
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14406
published_at	2026-04-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14369
published_at	2026-04-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14313
published_at	2026-04-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14203
published_at	2026-04-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14201
published_at	2026-04-18T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14273
published_at	2026-04-21T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14299
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7967

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-7967

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t65w-w89v-zkfw

265

url VCID-t6av-eueg-t7h3

vulnerability_id VCID-t6av-eueg-t7h3

summary Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2228

reference_id

reference_type

scores

value	0.00153
scoring_system	epss
scoring_elements	0.36112
published_at	2026-04-02T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36142
published_at	2026-04-04T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.35978
published_at	2026-04-07T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36028
published_at	2026-04-08T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36051
published_at	2026-04-09T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36058
published_at	2026-04-11T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.3602
published_at	2026-04-12T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.35994
published_at	2026-04-13T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36033
published_at	2026-04-16T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36019
published_at	2026-04-18T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.35967
published_at	2026-04-21T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.3574
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2228

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-2228

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t6av-eueg-t7h3

266

url VCID-teya-apph-1bhn

vulnerability_id VCID-teya-apph-1bhn

summary Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39883

reference_id

reference_type

scores

value	0.002
scoring_system	epss
scoring_elements	0.42008
published_at	2026-04-24T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42062
published_at	2026-04-01T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42123
published_at	2026-04-02T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42151
published_at	2026-04-04T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42088
published_at	2026-04-07T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42139
published_at	2026-04-08T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.4215
published_at	2026-04-09T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42172
published_at	2026-04-11T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42135
published_at	2026-04-12T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42111
published_at	2026-04-13T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42162
published_at	2026-04-16T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42136
published_at	2026-04-18T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42066
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39883

reference_url

reference_id

AVG-2432

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2501

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-39883

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-teya-apph-1bhn

267

url VCID-tfvb-2gmk-9qdq

vulnerability_id VCID-tfvb-2gmk-9qdq

summary An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required.

references

reference_url

reference_id

reference_type

scores

value	0.0015
scoring_system	epss
scoring_elements	0.35658
published_at	2026-04-02T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35683
published_at	2026-04-04T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35563
published_at	2026-04-07T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35609
published_at	2026-04-08T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35633
published_at	2026-04-09T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35642
published_at	2026-04-11T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35598
published_at	2026-04-12T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35575
published_at	2026-04-13T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35614
published_at	2026-04-16T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35603
published_at	2026-04-18T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35554
published_at	2026-04-21T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35315
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2501

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-2501

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfvb-2gmk-9qdq

268

url VCID-tka7-kvyt-puev

vulnerability_id VCID-tka7-kvyt-puev

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by creating wiki pages with malicious content.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-12716

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24802
published_at	2026-04-02T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.2484
published_at	2026-04-04T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24612
published_at	2026-04-07T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24682
published_at	2026-04-08T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24729
published_at	2026-04-09T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24742
published_at	2026-04-11T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30037
published_at	2026-04-16T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30016
published_at	2026-04-18T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29972
published_at	2026-04-21T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29899
published_at	2026-04-24T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.3007
published_at	2026-04-12T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30021
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-12716

reference_url

https://hackerone.com/reports/3405832

reference_id

3405832

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-12T04:55:49Z/

url

https://hackerone.com/reports/3405832

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/579548

reference_id

579548

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-12T04:55:49Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/579548

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/

reference_id

patch-release-gitlab-18-6-2-released

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-12T04:55:49Z/

url

https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-12716

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tka7-kvyt-puev

269

url VCID-tnfb-sr49-ykhd

vulnerability_id VCID-tnfb-sr49-ykhd

summary An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18647

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.23956
published_at	2026-04-24T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24123
published_at	2026-04-01T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24252
published_at	2026-04-02T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24287
published_at	2026-04-04T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24072
published_at	2026-04-07T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24139
published_at	2026-04-08T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24184
published_at	2026-04-09T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24203
published_at	2026-04-11T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24161
published_at	2026-04-12T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24104
published_at	2026-04-13T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24118
published_at	2026-04-16T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24105
published_at	2026-04-18T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24082
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18647

reference_url

reference_id

AVG-802

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4332

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-18647

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnfb-sr49-ykhd

270

url VCID-trh9-jq39-6kd6

vulnerability_id VCID-trh9-jq39-6kd6

summary GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.

references

reference_url

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.04303
published_at	2026-04-09T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04294
published_at	2026-04-11T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.0428
published_at	2026-04-12T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04258
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04382
published_at	2026-04-16T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08873
published_at	2026-04-18T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09019
published_at	2026-04-21T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09064
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4332

reference_url

https://hackerone.com/reports/3600345

reference_id

3600345

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:56Z/

url

https://hackerone.com/reports/3600345

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/593853

reference_id

593853

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:56Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/593853

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

reference_id

patch-release-gitlab-18-10-3-released

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:56Z/

url

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-4332

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-trh9-jq39-6kd6

271

url VCID-ttu3-zyg3-8yag

vulnerability_id VCID-ttu3-zyg3-8yag

summary GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15525

reference_id

reference_type

scores

value	0.00118
scoring_system	epss
scoring_elements	0.30678
published_at	2026-04-01T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.3081
published_at	2026-04-02T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30857
published_at	2026-04-04T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30676
published_at	2026-04-07T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30735
published_at	2026-04-08T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30767
published_at	2026-04-09T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.3077
published_at	2026-04-11T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30726
published_at	2026-04-12T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30681
published_at	2026-04-13T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30705
published_at	2026-04-16T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30687
published_at	2026-04-18T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30654
published_at	2026-04-21T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30477
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15525

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-15525

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttu3-zyg3-8yag

272

url VCID-twdw-r81r-cycv

vulnerability_id VCID-twdw-r81r-cycv

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1094

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05353
published_at	2026-04-16T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05425
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05447
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05421
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05408
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.054
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05356
published_at	2026-04-18T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05383
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05391
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06394
published_at	2026-04-21T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06408
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1094

reference_url

https://hackerone.com/reports/3502519

reference_id

3502519

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:18:29Z/

url

https://hackerone.com/reports/3502519

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/586483

reference_id

586483

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:18:29Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/586483

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitaly::::::::
reference_id	cpe:2.3:a:gitlab:gitaly::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitaly::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:18:29Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-1094

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twdw-r81r-cycv

273

url VCID-u11d-8ny8-vbec

vulnerability_id VCID-u11d-8ny8-vbec

summary An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3396

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06403
published_at	2026-04-24T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06227
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0624
published_at	2026-04-18T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06389
published_at	2026-04-21T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06043
published_at	2026-04-02T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06077
published_at	2026-04-04T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0621
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06252
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06293
published_at	2026-04-09T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06284
published_at	2026-04-11T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0628
published_at	2026-04-12T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06269
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3396

reference_url

https://hackerone.com/reports/3079956

reference_id

3079956

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:11:33Z/

url

https://hackerone.com/reports/3079956

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/534636

reference_id

534636

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:11:33Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/534636

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-3396

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u11d-8ny8-vbec

274

url VCID-u2g4-4zhu-ckhf

vulnerability_id VCID-u2g4-4zhu-ckhf

summary GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19579

reference_id

reference_type

scores

value	0.00068
scoring_system	epss
scoring_elements	0.21022
published_at	2026-04-01T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21177
published_at	2026-04-02T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21232
published_at	2026-04-04T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20946
published_at	2026-04-07T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21027
published_at	2026-04-08T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21086
published_at	2026-04-09T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21104
published_at	2026-04-11T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.2106
published_at	2026-04-12T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21008
published_at	2026-04-13T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20998
published_at	2026-04-16T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20997
published_at	2026-04-18T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20976
published_at	2026-04-21T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20847
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19579

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-19579

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2g4-4zhu-ckhf

275

url VCID-u4aa-8258-t7f5

vulnerability_id VCID-u4aa-8258-t7f5

summary An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11000

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.66108
published_at	2026-04-24T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66093
published_at	2026-04-11T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.6608
published_at	2026-04-12T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66051
published_at	2026-04-13T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66086
published_at	2026-04-16T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.661
published_at	2026-04-18T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66088
published_at	2026-04-21T12:55:00Z

value	0.00522
scoring_system	epss
scoring_elements	0.66844
published_at	2026-04-02T12:55:00Z

value	0.00522
scoring_system	epss
scoring_elements	0.66869
published_at	2026-04-04T12:55:00Z

value	0.00522
scoring_system	epss
scoring_elements	0.66842
published_at	2026-04-07T12:55:00Z

value	0.00522
scoring_system	epss
scoring_elements	0.66891
published_at	2026-04-08T12:55:00Z

value	0.00522
scoring_system	epss
scoring_elements	0.66904
published_at	2026-04-09T12:55:00Z

value	0.00522
scoring_system	epss
scoring_elements	0.66805
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11000

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-11000

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4aa-8258-t7f5

276

url VCID-u532-5wns-v7h3

vulnerability_id VCID-u532-5wns-v7h3

summary An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-0861

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.06094
published_at	2026-04-24T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05943
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05908
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05919
published_at	2026-04-18T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06071
published_at	2026-04-21T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05879
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05912
published_at	2026-04-04T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05903
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05942
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05981
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05962
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05953
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-0861

reference_url

https://hackerone.com/reports/2316435

reference_id

2316435

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:54:15Z/

url

https://hackerone.com/reports/2316435

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/439240

reference_id

439240

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:54:15Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/439240

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-0861

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u532-5wns-v7h3

277

url VCID-ufwe-mte5-dqb3

vulnerability_id VCID-ufwe-mte5-dqb3

summary An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.

references

reference_url	https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11545

reference_id

reference_type

scores

value	0.00114
scoring_system	epss
scoring_elements	0.29784
published_at	2026-04-24T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29861
published_at	2026-04-21T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30004
published_at	2026-04-11T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30043
published_at	2026-04-02T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.3009
published_at	2026-04-04T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29903
published_at	2026-04-07T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29964
published_at	2026-04-08T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.3
published_at	2026-04-09T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29959
published_at	2026-04-12T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.2991
published_at	2026-04-13T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29927
published_at	2026-04-16T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29907
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11545

reference_url	https://gitlab.com/gitlab-org/gitlab-ce/issues/58939
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ce/issues/58939

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11545

reference_id

CVE-2019-11545

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11545

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-11545

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ufwe-mte5-dqb3

278

url VCID-ugmm-9je6-37df

vulnerability_id VCID-ugmm-9je6-37df

summary An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6680

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07123
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07171
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07145
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.072
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07232
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07229
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07216
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07207
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07144
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07122
published_at	2026-04-18T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08397
published_at	2026-04-21T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08368
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6680

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-6680

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugmm-9je6-37df

279

url VCID-uh8v-d6sj-u3h9

vulnerability_id VCID-uh8v-d6sj-u3h9

summary An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-9773

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.24251
published_at	2026-04-24T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24398
published_at	2026-04-13T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24415
published_at	2026-04-16T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24406
published_at	2026-04-18T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24378
published_at	2026-04-21T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24557
published_at	2026-04-02T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24594
published_at	2026-04-04T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24371
published_at	2026-04-07T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24441
published_at	2026-04-08T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24485
published_at	2026-04-09T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.245
published_at	2026-04-11T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24456
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-9773

reference_url

https://hackerone.com/reports/2671808

reference_id

2671808

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:07:31Z/

url

https://hackerone.com/reports/2671808

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/498557

reference_id

498557

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:07:31Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/498557

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-9773

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uh8v-d6sj-u3h9

280

url VCID-uv5z-hewg-xfgs

vulnerability_id VCID-uv5z-hewg-xfgs

summary An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3331

reference_id

reference_type

scores

value	0.00174
scoring_system	epss
scoring_elements	0.38535
published_at	2026-04-24T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38775
published_at	2026-04-12T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38747
published_at	2026-04-13T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38793
published_at	2026-04-16T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38771
published_at	2026-04-18T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38691
published_at	2026-04-21T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38789
published_at	2026-04-02T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.3881
published_at	2026-04-04T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38738
published_at	2026-04-07T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38788
published_at	2026-04-08T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38799
published_at	2026-04-09T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38811
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3331

reference_url

https://hackerone.com/reports/1542834

reference_id

1542834

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:18:42Z/

url

https://hackerone.com/reports/1542834

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/360372

reference_id

360372

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:18:42Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/360372

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3331.json

reference_id

CVE-2022-3331.json

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:18:42Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3331.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-3331

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uv5z-hewg-xfgs

281

url VCID-uy7c-3b17-wydj

vulnerability_id VCID-uy7c-3b17-wydj

summary An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2531

reference_id

reference_type

scores

value	0.00663
scoring_system	epss
scoring_elements	0.71136
published_at	2026-04-02T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71153
published_at	2026-04-04T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71128
published_at	2026-04-07T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.7117
published_at	2026-04-08T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71182
published_at	2026-04-09T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71206
published_at	2026-04-11T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71192
published_at	2026-04-12T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71175
published_at	2026-04-13T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71221
published_at	2026-04-16T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71228
published_at	2026-04-18T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71205
published_at	2026-04-21T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71259
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2531

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-2531

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uy7c-3b17-wydj

282

url VCID-uya4-erjm-fkbp

vulnerability_id VCID-uya4-erjm-fkbp

summary A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8635

reference_id

reference_type

scores

value	0.0007
scoring_system	epss
scoring_elements	0.21407
published_at	2026-04-24T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21582
published_at	2026-04-18T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21553
published_at	2026-04-21T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21721
published_at	2026-04-02T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21777
published_at	2026-04-04T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21527
published_at	2026-04-07T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21603
published_at	2026-04-08T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21661
published_at	2026-04-09T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21673
published_at	2026-04-11T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21635
published_at	2026-04-12T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21577
published_at	2026-04-13T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21575
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8635

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/455273

reference_id

455273

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:20:26Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/455273

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-8635

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uya4-erjm-fkbp

283

url VCID-vbx6-nfew-muep

vulnerability_id VCID-vbx6-nfew-muep

summary An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10108

reference_id

reference_type

scores

value	0.00128
scoring_system	epss
scoring_elements	0.32137
published_at	2026-04-16T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32114
published_at	2026-04-18T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32087
published_at	2026-04-21T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.31924
published_at	2026-04-24T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32835
published_at	2026-04-08T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32864
published_at	2026-04-09T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32799
published_at	2026-04-01T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32826
published_at	2026-04-12T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32801
published_at	2026-04-13T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32865
published_at	2026-04-11T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.3293
published_at	2026-04-02T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32965
published_at	2026-04-04T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32787
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10108

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10108

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbx6-nfew-muep

284

url VCID-vcqv-pb1k-b3db

vulnerability_id VCID-vcqv-pb1k-b3db

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2443

reference_id

reference_type

scores

value	0.00077
scoring_system	epss
scoring_elements	0.23162
published_at	2026-04-04T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23118
published_at	2026-04-02T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24459
published_at	2026-04-09T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24345
published_at	2026-04-07T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24414
published_at	2026-04-08T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24473
published_at	2026-04-11T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.2443
published_at	2026-04-12T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24372
published_at	2026-04-13T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46763
published_at	2026-04-24T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46833
published_at	2026-04-18T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.4678
published_at	2026-04-21T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46836
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2443

reference_url

https://hackerone.com/reports/3037340

reference_id

3037340

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-20T17:27:10Z/

url

https://hackerone.com/reports/3037340

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/525363

reference_id

525363

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-20T17:27:10Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/525363

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-2443

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vcqv-pb1k-b3db

285

url VCID-vg4f-1qtj-gyba

vulnerability_id VCID-vg4f-1qtj-gyba

summary An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1981

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39633
published_at	2026-04-01T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39781
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39804
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39724
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39777
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39791
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.398
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39765
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39748
published_at	2026-04-13T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39798
published_at	2026-04-16T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39769
published_at	2026-04-18T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39686
published_at	2026-04-21T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39507
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1981

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-1981

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vg4f-1qtj-gyba

286

url VCID-vhnx-kfu7-uybp

vulnerability_id VCID-vhnx-kfu7-uybp

summary GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.

references

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

reference_url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10092

reference_id

reference_type

scores

value	0.001
scoring_system	epss
scoring_elements	0.27627
published_at	2026-04-24T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27679
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27836
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27887
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27928
published_at	2026-04-04T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27721
published_at	2026-04-07T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27789
published_at	2026-04-08T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27831
published_at	2026-04-09T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27795
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27738
published_at	2026-04-13T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27744
published_at	2026-04-16T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27719
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10092

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10092

reference_id

CVE-2020-10092

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10092

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-10092

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhnx-kfu7-uybp

287

url VCID-vj3b-nrqw-ckex

vulnerability_id VCID-vj3b-nrqw-ckex

summary gitlab: Privilege Escalation through pipeline jobs

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3932.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3932.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3932

reference_id

reference_type

scores

value	0.00067
scoring_system	epss
scoring_elements	0.20533
published_at	2026-04-24T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20658
published_at	2026-04-16T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20655
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20646
published_at	2026-04-21T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20841
published_at	2026-04-02T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20898
published_at	2026-04-04T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20612
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20688
published_at	2026-04-08T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20749
published_at	2026-04-09T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20768
published_at	2026-04-11T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20724
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20672
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3932

reference_url

https://hackerone.com/reports/2057633

reference_id

2057633

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-24T13:25:44Z/

url

https://hackerone.com/reports/2057633

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228986
reference_id	2228986
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228986

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/417594

reference_id

417594

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-24T13:25:44Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/417594

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3932

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vj3b-nrqw-ckex

288

url VCID-vqjx-a3nf-yqhv

vulnerability_id VCID-vqjx-a3nf-yqhv

summary An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5600

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.11043
published_at	2026-04-04T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10981
published_at	2026-04-02T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12139
published_at	2026-04-09T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12004
published_at	2026-04-07T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12087
published_at	2026-04-08T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12147
published_at	2026-04-11T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.1211
published_at	2026-04-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12079
published_at	2026-04-13T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17221
published_at	2026-04-24T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17282
published_at	2026-04-18T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17315
published_at	2026-04-21T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17275
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5600

reference_url

https://hackerone.com/reports/2209702

reference_id

2209702

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-20T19:51:52Z/

url

https://hackerone.com/reports/2209702

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/428268

reference_id

428268

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-20T19:51:52Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/428268

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-5600

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqjx-a3nf-yqhv

289

url VCID-vt4q-95e8-gufh

vulnerability_id VCID-vt4q-95e8-gufh

summary GitLab EE 11.0 and later through 12.7.2 allows XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7971

reference_id

reference_type

scores

value	0.001
scoring_system	epss
scoring_elements	0.27836
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27887
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27928
published_at	2026-04-04T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27721
published_at	2026-04-07T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27789
published_at	2026-04-08T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27831
published_at	2026-04-09T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27795
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27738
published_at	2026-04-13T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27744
published_at	2026-04-16T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27719
published_at	2026-04-18T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27679
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27627
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7971

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-7971

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vt4q-95e8-gufh

290

url VCID-vt5a-3cc5-x7d6

vulnerability_id VCID-vt5a-3cc5-x7d6

summary An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.

references

reference_url	https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5471

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.21057
published_at	2026-04-24T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21184
published_at	2026-04-21T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21187
published_at	2026-04-01T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21338
published_at	2026-04-02T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21393
published_at	2026-04-04T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21147
published_at	2026-04-07T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21226
published_at	2026-04-08T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21288
published_at	2026-04-09T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21298
published_at	2026-04-11T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21258
published_at	2026-04-12T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21204
published_at	2026-04-13T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21198
published_at	2026-04-16T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21207
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5471

reference_url	https://gitlab.com/gitlab-org/gitlab-ee/issues/11515
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/gitlab-ee/issues/11515

reference_url	https://hackerone.com/reports/496973
reference_id
reference_type
scores
url	https://hackerone.com/reports/496973

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5471

reference_id

CVE-2019-5471

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5471

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-5471

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vt5a-3cc5-x7d6

291

url VCID-vuku-4geu-eue8

vulnerability_id VCID-vuku-4geu-eue8

summary An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2499

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.38212
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38234
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38104
published_at	2026-04-07T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38154
published_at	2026-04-08T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38162
published_at	2026-04-09T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38181
published_at	2026-04-11T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38145
published_at	2026-04-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.3812
published_at	2026-04-13T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38166
published_at	2026-04-16T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38147
published_at	2026-04-18T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38082
published_at	2026-04-21T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37867
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2499

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-2499

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vuku-4geu-eue8

292

url VCID-vvbx-z929-vqdf

vulnerability_id VCID-vvbx-z929-vqdf

summary An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6477

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01915
published_at	2026-04-24T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01838
published_at	2026-04-16T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01837
published_at	2026-04-18T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01921
published_at	2026-04-21T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01861
published_at	2026-04-02T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01873
published_at	2026-04-04T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01874
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01877
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01891
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01876
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.0186
published_at	2026-04-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01856
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6477

reference_url

https://hackerone.com/reports/2270898

reference_id

2270898

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-22T16:24:56Z/

url

https://hackerone.com/reports/2270898

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/433463

reference_id

433463

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-22T16:24:56Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/433463

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-6477

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvbx-z929-vqdf

293

url VCID-vx3v-n38w-b3cj

vulnerability_id VCID-vx3v-n38w-b3cj

summary gitlab: access tokens may have been logged on specific queries

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3993.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3993.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3993

reference_id

reference_type

scores

value	0.00088
scoring_system	epss
scoring_elements	0.25059
published_at	2026-04-24T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25151
published_at	2026-04-18T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25299
published_at	2026-04-02T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.2534
published_at	2026-04-04T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25118
published_at	2026-04-21T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25187
published_at	2026-04-08T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25232
published_at	2026-04-09T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25246
published_at	2026-04-11T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25205
published_at	2026-04-12T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25152
published_at	2026-04-13T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25161
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3993

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228522
reference_id	2228522
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228522

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/409570

reference_id

409570

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T15:41:18Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/409570

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3993

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx3v-n38w-b3cj

294

url VCID-vxux-8ddv-zkfr

vulnerability_id VCID-vxux-8ddv-zkfr

summary An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14601

reference_id

reference_type

scores

value	0.00233
scoring_system	epss
scoring_elements	0.46125
published_at	2026-04-01T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46166
published_at	2026-04-02T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46185
published_at	2026-04-04T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46133
published_at	2026-04-07T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.4619
published_at	2026-04-21T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46188
published_at	2026-04-09T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46212
published_at	2026-04-11T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46184
published_at	2026-04-12T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46193
published_at	2026-04-13T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.4625
published_at	2026-04-16T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46246
published_at	2026-04-18T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46171
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14601

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-14601

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vxux-8ddv-zkfr

295

url VCID-vydj-4uzb-rfe8

vulnerability_id VCID-vydj-4uzb-rfe8

summary An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2254

reference_id

reference_type

scores

value	0.00099
scoring_system	epss
scoring_elements	0.27744
published_at	2026-04-04T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27706
published_at	2026-04-02T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27535
published_at	2026-04-07T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51502
published_at	2026-04-24T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51518
published_at	2026-04-13T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51562
published_at	2026-04-16T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.5157
published_at	2026-04-18T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51549
published_at	2026-04-21T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.5151
published_at	2026-04-08T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51508
published_at	2026-04-09T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51551
published_at	2026-04-11T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.5153
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2254

reference_url

https://hackerone.com/reports/2973939

reference_id

2973939

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T13:38:28Z/

url

https://hackerone.com/reports/2973939

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/524636

reference_id

524636

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T13:38:28Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/524636

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-2254

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vydj-4uzb-rfe8

296

url VCID-vzxz-v49p-7kh4

vulnerability_id VCID-vzxz-v49p-7kh4

summary An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11505

reference_id

reference_type

scores

value	0.00067
scoring_system	epss
scoring_elements	0.20663
published_at	2026-04-01T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20806
published_at	2026-04-02T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20865
published_at	2026-04-04T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20578
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20655
published_at	2026-04-08T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20716
published_at	2026-04-09T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20735
published_at	2026-04-11T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20692
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20639
published_at	2026-04-13T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20626
published_at	2026-04-16T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20624
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20615
published_at	2026-04-21T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20502
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11505

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-11505

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzxz-v49p-7kh4

297

url VCID-w5va-ty5z-1qea

vulnerability_id VCID-w5va-ty5z-1qea

summary Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3286

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.31269
published_at	2026-04-24T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31492
published_at	2026-04-16T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.3147
published_at	2026-04-18T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31439
published_at	2026-04-21T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31586
published_at	2026-04-02T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.3163
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31451
published_at	2026-04-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31504
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31533
published_at	2026-04-09T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31538
published_at	2026-04-11T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31496
published_at	2026-04-12T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31459
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3286

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/363827

reference_id

363827

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:45:05Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/363827

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3286.json

reference_id

CVE-2022-3286.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:45:05Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3286.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-3286

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5va-ty5z-1qea

298

url VCID-w6ms-gbth-wuhr

vulnerability_id VCID-w6ms-gbth-wuhr

summary An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4331

reference_id

reference_type

scores

value	0.00262
scoring_system	epss
scoring_elements	0.49559
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55764
published_at	2026-04-24T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5586
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5584
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55822
published_at	2026-04-13T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55858
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55862
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-21T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55818
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55798
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55849
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55852
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4331

reference_url

https://hackerone.com/reports/1791518

reference_id

1791518

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:24:15Z/

url

https://hackerone.com/reports/1791518

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/385050

reference_id

385050

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:24:15Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/385050

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4331.json

reference_id

CVE-2022-4331.json

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:24:15Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4331.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-4331

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6ms-gbth-wuhr

299

url VCID-w6rc-dm6j-p3gx

vulnerability_id VCID-w6rc-dm6j-p3gx

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-7659

reference_id

reference_type

scores

value	8e-05
scoring_system	epss
scoring_elements	0.0068
published_at	2026-04-02T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00675
published_at	2026-04-08T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00667
published_at	2026-04-11T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.0066
published_at	2026-04-12T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00661
published_at	2026-04-13T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00654
published_at	2026-04-16T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00658
published_at	2026-04-18T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00672
published_at	2026-04-04T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00871
published_at	2026-04-24T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00869
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-7659

reference_url

https://hackerone.com/reports/3234976

reference_id

3234976

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:15Z/

url

https://hackerone.com/reports/3234976

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/555440

reference_id

555440

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:15Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/555440

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:15Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-7659

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6rc-dm6j-p3gx

300

url VCID-w8dv-vtxr-4kem

vulnerability_id VCID-w8dv-vtxr-4kem

summary An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13336

reference_id

reference_type

scores

value	0.00121
scoring_system	epss
scoring_elements	0.31155
published_at	2026-04-01T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31282
published_at	2026-04-02T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31324
published_at	2026-04-04T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31143
published_at	2026-04-07T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31196
published_at	2026-04-08T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31227
published_at	2026-04-09T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31231
published_at	2026-04-11T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31187
published_at	2026-04-12T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31144
published_at	2026-04-13T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31177
published_at	2026-04-16T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31158
published_at	2026-04-18T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31128
published_at	2026-04-21T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.30967
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13336

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13336

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8dv-vtxr-4kem

301

url VCID-wbbc-jcdc-p7dy

vulnerability_id VCID-wbbc-jcdc-p7dy

summary An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2825

reference_id

reference_type

scores

value	0.92182
scoring_system	epss
scoring_elements	0.99712
published_at	2026-04-13T12:55:00Z

value	0.92182
scoring_system	epss
scoring_elements	0.99718
published_at	2026-04-24T12:55:00Z

value	0.92182
scoring_system	epss
scoring_elements	0.99716
published_at	2026-04-21T12:55:00Z

value	0.92182
scoring_system	epss
scoring_elements	0.99714
published_at	2026-04-18T12:55:00Z

value	0.92182
scoring_system	epss
scoring_elements	0.99713
published_at	2026-04-16T12:55:00Z

value	0.92301
scoring_system	epss
scoring_elements	0.9972
published_at	2026-04-04T12:55:00Z

value	0.92301
scoring_system	epss
scoring_elements	0.99719
published_at	2026-04-02T12:55:00Z

value	0.92301
scoring_system	epss
scoring_elements	0.99721
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2825

reference_url

https://hackerone.com/reports/1994725

reference_id

1994725

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-15T15:45:06Z/

url

https://hackerone.com/reports/1994725

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/412371

reference_id

412371

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-15T15:45:06Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/412371

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json

reference_id

CVE-2023-2825.json

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-15T15:45:06Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-2825

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbbc-jcdc-p7dy

302

url VCID-wbmg-kdbe-3yg5

vulnerability_id VCID-wbmg-kdbe-3yg5

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3254

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01519
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3254

reference_url

https://hackerone.com/reports/3572752

reference_id

3572752

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:39:38Z/

url

https://hackerone.com/reports/3572752

reference_url

https://gitlab.com/gitlab-org/gitlab/-/work_items/591587

reference_id

591587

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:39:38Z/

url

https://gitlab.com/gitlab-org/gitlab/-/work_items/591587

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2026-3254

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbmg-kdbe-3yg5

303

url VCID-wdkr-sgyg-muae

vulnerability_id VCID-wdkr-sgyg-muae

summary An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4278

reference_id

reference_type

scores

value	0.00137
scoring_system	epss
scoring_elements	0.33583
published_at	2026-04-04T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33551
published_at	2026-04-02T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33423
published_at	2026-04-07T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59878
published_at	2026-04-21T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59868
published_at	2026-04-12T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59848
published_at	2026-04-24T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59886
published_at	2026-04-16T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59892
published_at	2026-04-18T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59849
published_at	2026-04-08T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59863
published_at	2026-04-09T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59884
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4278

reference_url

https://hackerone.com/reports/3085738

reference_id

3085738

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T13:43:03Z/

url

https://hackerone.com/reports/3085738

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/539198

reference_id

539198

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T13:43:03Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/539198

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-4278

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wdkr-sgyg-muae

304

url VCID-wfh2-u7mp-q3cs

vulnerability_id VCID-wfh2-u7mp-q3cs

summary An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10867

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07197
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07272
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07202
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07322
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07241
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07219
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07274
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07301
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07296
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07282
published_at	2026-04-12T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07952
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10867

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/517757

reference_id

517757

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T15:33:16Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/517757

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-10867

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfh2-u7mp-q3cs

305

url VCID-whju-3tkp-wqbv

vulnerability_id VCID-whju-3tkp-wqbv

summary An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3511

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05335
published_at	2026-04-18T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05366
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05378
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05412
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05435
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05404
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05392
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05384
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05333
published_at	2026-04-16T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05496
published_at	2026-04-21T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05537
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3511

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-3511

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whju-3tkp-wqbv

306

url VCID-wjax-pq2u-77db

vulnerability_id VCID-wjax-pq2u-77db

summary An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way, potentially exposing data.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10114

reference_id

reference_type

scores

value	0.00234
scoring_system	epss
scoring_elements	0.46317
published_at	2026-04-16T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46314
published_at	2026-04-18T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46257
published_at	2026-04-21T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46239
published_at	2026-04-24T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.4758
published_at	2026-04-08T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47576
published_at	2026-04-12T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47528
published_at	2026-04-01T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47584
published_at	2026-04-13T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.476
published_at	2026-04-11T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47556
published_at	2026-04-02T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47577
published_at	2026-04-04T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47525
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10114

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10114

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjax-pq2u-77db

307

url VCID-wuky-wgxh-xkgc

vulnerability_id VCID-wuky-wgxh-xkgc

summary An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-5067

reference_id

reference_type

scores

value	0.00116
scoring_system	epss
scoring_elements	0.30194
published_at	2026-04-24T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.3036
published_at	2026-04-08T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30394
published_at	2026-04-09T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30396
published_at	2026-04-11T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30353
published_at	2026-04-12T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30306
published_at	2026-04-13T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30322
published_at	2026-04-16T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30304
published_at	2026-04-18T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30259
published_at	2026-04-21T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30445
published_at	2026-04-02T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.3049
published_at	2026-04-04T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30301
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-5067

reference_url

https://hackerone.com/reports/2462303

reference_id

2462303

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T15:32:48Z/

url

https://hackerone.com/reports/2462303

reference_url

https://hackerone.com/reports/2502047

reference_id

2502047

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T15:32:48Z/

url

https://hackerone.com/reports/2502047

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/458504

reference_id

458504

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T15:32:48Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/458504

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/462427

reference_id

462427

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T15:32:48Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/462427

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-5067

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuky-wgxh-xkgc

308

url VCID-wz3j-dsp8-eygv

vulnerability_id VCID-wz3j-dsp8-eygv

summary An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5195

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02399
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02389
published_at	2026-04-02T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02397
published_at	2026-04-07T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08992
published_at	2026-04-24T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08791
published_at	2026-04-18T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08945
published_at	2026-04-21T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08952
published_at	2026-04-08T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.0898
published_at	2026-04-09T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08976
published_at	2026-04-11T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08941
published_at	2026-04-12T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08928
published_at	2026-04-13T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08818
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5195

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/534960

reference_id

534960

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:22:10Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/534960

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-5195

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz3j-dsp8-eygv

309

url VCID-x2re-b85h-zqhw

vulnerability_id VCID-x2re-b85h-zqhw

summary An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control.

references

reference_url	https://about.gitlab.com/blog/categories/releases/
reference_id
reference_type
scores
url	https://about.gitlab.com/blog/categories/releases/

reference_url	https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13005

reference_id

reference_type

scores

value	0.00157
scoring_system	epss
scoring_elements	0.36232
published_at	2026-04-24T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.3646
published_at	2026-04-21T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36426
published_at	2026-04-01T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36599
published_at	2026-04-02T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36632
published_at	2026-04-04T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36469
published_at	2026-04-07T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.3652
published_at	2026-04-08T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.3654
published_at	2026-04-09T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36547
published_at	2026-04-11T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36512
published_at	2026-04-12T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36489
published_at	2026-04-13T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36533
published_at	2026-04-16T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36515
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13005

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-13005

reference_id

CVE-2019-13005

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13005

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-13005

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2re-b85h-zqhw

310

url VCID-x44a-mdf3-93f4

vulnerability_id VCID-x44a-mdf3-93f4

summary A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13269

reference_id

reference_type

scores

value	0.00486
scoring_system	epss
scoring_elements	0.65312
published_at	2026-04-01T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65361
published_at	2026-04-02T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65387
published_at	2026-04-04T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65351
published_at	2026-04-07T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65404
published_at	2026-04-08T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65415
published_at	2026-04-09T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65434
published_at	2026-04-11T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.6542
published_at	2026-04-12T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65393
published_at	2026-04-13T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65429
published_at	2026-04-16T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.6544
published_at	2026-04-18T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65425
published_at	2026-04-21T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65441
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13269

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-13269

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x44a-mdf3-93f4

311

url VCID-x4dc-1ecc-gfg9

vulnerability_id VCID-x4dc-1ecc-gfg9

summary An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-10043

reference_id

reference_type

scores

value	0.00194
scoring_system	epss
scoring_elements	0.41202
published_at	2026-04-24T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41371
published_at	2026-04-13T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41415
published_at	2026-04-16T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41387
published_at	2026-04-18T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41314
published_at	2026-04-21T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41383
published_at	2026-04-02T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41412
published_at	2026-04-04T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41339
published_at	2026-04-07T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.4139
published_at	2026-04-08T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41397
published_at	2026-04-09T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41417
published_at	2026-04-11T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41386
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-10043

reference_url

https://hackerone.com/reports/2774817

reference_id

2774817

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:21:15Z/

url

https://hackerone.com/reports/2774817

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/499577

reference_id

499577

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:21:15Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/499577

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-10043

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4dc-1ecc-gfg9

312

url VCID-x4jq-mjm7-kfbd

vulnerability_id VCID-x4jq-mjm7-kfbd

summary An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10117

reference_id

reference_type

scores

value	0.00132
scoring_system	epss
scoring_elements	0.32769
published_at	2026-04-16T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32746
published_at	2026-04-18T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32716
published_at	2026-04-21T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32565
published_at	2026-04-24T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.3356
published_at	2026-04-08T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33594
published_at	2026-04-09T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33488
published_at	2026-04-01T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33546
published_at	2026-04-12T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33523
published_at	2026-04-13T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33588
published_at	2026-04-11T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33643
published_at	2026-04-02T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33677
published_at	2026-04-04T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33515
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10117

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10117

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4jq-mjm7-kfbd

313

url VCID-x5nn-pu4m-pbdh

vulnerability_id VCID-x5nn-pu4m-pbdh

summary Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22251

reference_id

reference_type

scores

value	0.00218
scoring_system	epss
scoring_elements	0.44316
published_at	2026-04-01T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44404
published_at	2026-04-12T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44426
published_at	2026-04-04T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.4436
published_at	2026-04-07T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44412
published_at	2026-04-08T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44418
published_at	2026-04-09T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44436
published_at	2026-04-11T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44403
published_at	2026-04-13T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.4446
published_at	2026-04-16T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.4445
published_at	2026-04-18T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44379
published_at	2026-04-21T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44277
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22251

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22251

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5nn-pu4m-pbdh

314

url VCID-x7ax-e9y6-zya6

vulnerability_id VCID-x7ax-e9y6-zya6

summary In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19629

reference_id

reference_type

scores

value	0.00088
scoring_system	epss
scoring_elements	0.25264
published_at	2026-04-01T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.2534
published_at	2026-04-02T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.2538
published_at	2026-04-04T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25157
published_at	2026-04-07T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25226
published_at	2026-04-08T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25271
published_at	2026-04-09T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25286
published_at	2026-04-11T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25244
published_at	2026-04-12T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.2519
published_at	2026-04-13T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25199
published_at	2026-04-16T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25189
published_at	2026-04-18T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25159
published_at	2026-04-21T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25108
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19629

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19629

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7ax-e9y6-zya6

315

url VCID-x8ye-nvmk-g3hx

vulnerability_id VCID-x8ye-nvmk-g3hx

summary GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19313

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.48787
published_at	2026-04-01T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48825
published_at	2026-04-02T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48851
published_at	2026-04-04T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48805
published_at	2026-04-07T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.4886
published_at	2026-04-21T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48856
published_at	2026-04-09T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48872
published_at	2026-04-11T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48846
published_at	2026-04-12T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48854
published_at	2026-04-13T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48904
published_at	2026-04-16T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.489
published_at	2026-04-18T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48848
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19313

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19313

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x8ye-nvmk-g3hx

316

url VCID-xbhh-rgrh-n3g8

vulnerability_id VCID-xbhh-rgrh-n3g8

summary An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control.

references

reference_url	https://about.gitlab.com/blog/categories/releases/
reference_id
reference_type
scores
url	https://about.gitlab.com/blog/categories/releases/

reference_url	https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
reference_id
reference_type
scores
url	https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13002

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.21079
published_at	2026-04-24T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21233
published_at	2026-04-18T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21211
published_at	2026-04-21T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21367
published_at	2026-04-02T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21421
published_at	2026-04-04T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21173
published_at	2026-04-07T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21253
published_at	2026-04-08T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21314
published_at	2026-04-09T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21324
published_at	2026-04-11T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21283
published_at	2026-04-12T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.2123
published_at	2026-04-13T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21223
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13002

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::community:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::community:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_id	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-13002

reference_id

CVE-2019-13002

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13002

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-13002

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbhh-rgrh-n3g8

317

url VCID-xkez-a8pc-6kdz

vulnerability_id VCID-xkez-a8pc-6kdz

summary An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0738

reference_id

reference_type

scores

value	0.00187
scoring_system	epss
scoring_elements	0.40409
published_at	2026-04-01T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40497
published_at	2026-04-02T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40524
published_at	2026-04-04T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40445
published_at	2026-04-07T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40496
published_at	2026-04-08T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40507
published_at	2026-04-09T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40528
published_at	2026-04-11T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.4049
published_at	2026-04-12T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.4047
published_at	2026-04-13T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40518
published_at	2026-04-16T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40487
published_at	2026-04-18T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.4041
published_at	2026-04-21T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.403
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0738

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-0738

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkez-a8pc-6kdz

318

url VCID-xmtp-1bt1-2be5

vulnerability_id VCID-xmtp-1bt1-2be5

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-8099

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10829
published_at	2026-04-02T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10853
published_at	2026-04-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10866
published_at	2026-04-11T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10834
published_at	2026-04-12T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1081
published_at	2026-04-13T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10671
published_at	2026-04-16T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10686
published_at	2026-04-18T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10893
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10721
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10797
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11355
published_at	2026-04-24T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.1141
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-8099

reference_url

https://hackerone.com/reports/3240210

reference_id

3240210

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:00Z/

url

https://hackerone.com/reports/3240210

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/557165

reference_id

557165

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:00Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/557165

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

reference_id

patch-release-gitlab-18-8-4-released

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:00Z/

url

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-8099

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmtp-1bt1-2be5

319

url VCID-xr8q-yjyj-97af

vulnerability_id VCID-xr8q-yjyj-97af

summary GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7976

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22526
published_at	2026-04-01T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22698
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22743
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22531
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22662
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2268
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22639
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22583
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22598
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22594
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22544
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22393
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7976

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2020-7976

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xr8q-yjyj-97af

320

url VCID-xx1a-64aa-bqc7

vulnerability_id VCID-xx1a-64aa-bqc7

summary An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5009

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07102
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07151
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07126
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07179
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0721
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07208
published_at	2026-04-11T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12179
published_at	2026-04-16T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12182
published_at	2026-04-18T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12287
published_at	2026-04-21T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.1227
published_at	2026-04-24T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.1232
published_at	2026-04-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12282
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5009

reference_url

https://hackerone.com/reports/2147126

reference_id

2147126

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:51:08Z/

url

https://hackerone.com/reports/2147126

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/425304

reference_id

425304

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:51:08Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/425304

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-5009

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xx1a-64aa-bqc7

321

url VCID-y18c-pjw8-3bc3

vulnerability_id VCID-y18c-pjw8-3bc3

summary GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19311

reference_id

reference_type

scores

value	0.00192
scoring_system	epss
scoring_elements	0.41106
published_at	2026-04-01T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41197
published_at	2026-04-02T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41228
published_at	2026-04-04T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41154
published_at	2026-04-07T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41203
published_at	2026-04-08T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41211
published_at	2026-04-09T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41232
published_at	2026-04-11T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.412
published_at	2026-04-18T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41186
published_at	2026-04-13T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41229
published_at	2026-04-16T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41126
published_at	2026-04-21T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41015
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19311

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-19311

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y18c-pjw8-3bc3

322

url VCID-y1e2-9x7h-4feb

vulnerability_id VCID-y1e2-9x7h-4feb

summary An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4283

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10488
published_at	2026-04-24T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10524
published_at	2026-04-13T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1039
published_at	2026-04-16T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10375
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10503
published_at	2026-04-21T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10476
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10544
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10408
published_at	2026-04-07T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10482
published_at	2026-04-08T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1055
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10579
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10546
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4283

reference_url

https://hackerone.com/reports/2474286

reference_id

2474286

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T13:07:37Z/

url

https://hackerone.com/reports/2474286

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/458502

reference_id

458502

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T13:07:37Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/458502

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2024-4283

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1e2-9x7h-4feb

323

url VCID-y1ja-wmsu-8kew

vulnerability_id VCID-y1ja-wmsu-8kew

summary A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4335

reference_id

reference_type

scores

value	0.00368
scoring_system	epss
scoring_elements	0.58728
published_at	2026-04-24T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58783
published_at	2026-04-11T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58744
published_at	2026-04-13T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58776
published_at	2026-04-16T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58781
published_at	2026-04-18T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.5876
published_at	2026-04-21T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58716
published_at	2026-04-02T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58737
published_at	2026-04-04T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58705
published_at	2026-04-07T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58758
published_at	2026-04-08T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58764
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4335

reference_url

https://hackerone.com/reports/1462437

reference_id

1462437

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T14:37:07Z/

url

https://hackerone.com/reports/1462437

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/353018

reference_id

353018

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T14:37:07Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/353018

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4335.json

reference_id

CVE-2022-4335.json

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T14:37:07Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4335.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-4335

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1ja-wmsu-8kew

324

url VCID-y2gt-g94n-8bh6

vulnerability_id VCID-y2gt-g94n-8bh6

summary An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2281

reference_id

reference_type

scores

value	0.00207
scoring_system	epss
scoring_elements	0.43098
published_at	2026-04-02T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43126
published_at	2026-04-04T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43064
published_at	2026-04-07T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43118
published_at	2026-04-12T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.4313
published_at	2026-04-09T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43151
published_at	2026-04-11T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43103
published_at	2026-04-13T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43163
published_at	2026-04-16T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43153
published_at	2026-04-18T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43087
published_at	2026-04-21T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43021
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2281

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2022-2281

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2gt-g94n-8bh6

325

url VCID-yekv-ygxp-hbf8

vulnerability_id VCID-yekv-ygxp-hbf8

summary GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14103

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02443
published_at	2026-04-24T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02351
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02357
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02455
published_at	2026-04-21T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0237
published_at	2026-04-02T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0238
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02377
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02382
published_at	2026-04-08T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02402
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02368
published_at	2026-04-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02367
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14103

reference_url

https://hackerone.com/reports/3448317

reference_id

3448317

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T20:52:13Z/

url

https://hackerone.com/reports/3448317

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/583053

reference_id

583053

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T20:52:13Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/583053

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

reference_id

patch-release-gitlab-18-9-1-released

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T20:52:13Z/

url

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-14103

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yekv-ygxp-hbf8

326

url VCID-yfqm-sp6g-gbaf

vulnerability_id VCID-yfqm-sp6g-gbaf

summary gitlab: GitLab: Stored Cross-Site Scripting via GitLab Flavored Markdown

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9222.json

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9222.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9222

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.10962
published_at	2026-04-24T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1106
published_at	2026-04-02T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11025
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10879
published_at	2026-04-16T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1089
published_at	2026-04-18T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11007
published_at	2026-04-21T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11123
published_at	2026-04-04T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10944
published_at	2026-04-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11022
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11075
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11079
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11047
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9222

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428222
reference_id	2428222
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428222

reference_url

https://hackerone.com/reports/3297483

reference_id

3297483

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:48Z/

url

https://hackerone.com/reports/3297483

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/562561

reference_id

562561

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:48Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/562561

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/

reference_id

patch-release-gitlab-18-7-1-released

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:48Z/

url

https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-9222

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfqm-sp6g-gbaf

327

url VCID-ygxb-hemy-myf5

vulnerability_id VCID-ygxb-hemy-myf5

summary An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1621

reference_id

reference_type

scores

value	0.01175
scoring_system	epss
scoring_elements	0.78754
published_at	2026-04-24T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.7871
published_at	2026-04-12T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.78702
published_at	2026-04-13T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.78731
published_at	2026-04-16T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.78729
published_at	2026-04-18T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.78725
published_at	2026-04-21T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.78659
published_at	2026-04-02T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.7869
published_at	2026-04-04T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.78671
published_at	2026-04-07T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.78697
published_at	2026-04-08T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.78703
published_at	2026-04-09T12:55:00Z

value	0.01175
scoring_system	epss
scoring_elements	0.78728
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1621

reference_url

https://hackerone.com/reports/1914049

reference_id

1914049

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:37:54Z/

url

https://hackerone.com/reports/1914049

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/399774

reference_id

399774

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:37:54Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/399774

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1621.json

reference_id

CVE-2023-1621.json

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:37:54Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1621.json

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2023-1621

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygxb-hemy-myf5

328

url VCID-yq7h-64jj-wfcs

vulnerability_id VCID-yq7h-64jj-wfcs

summary An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22233

reference_id

reference_type

scores

value	0.00186
scoring_system	epss
scoring_elements	0.40178
published_at	2026-04-24T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40285
published_at	2026-04-01T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40351
published_at	2026-04-02T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40376
published_at	2026-04-04T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40301
published_at	2026-04-07T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40352
published_at	2026-04-08T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40364
published_at	2026-04-09T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40375
published_at	2026-04-11T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40337
published_at	2026-04-12T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40318
published_at	2026-04-13T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40365
published_at	2026-04-16T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40333
published_at	2026-04-18T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40256
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22233

reference_url

https://security.archlinux.org/AVG-2137

reference_id

AVG-2137

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2137

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2021-22233

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yq7h-64jj-wfcs

329

url VCID-yuqy-3gu6-4kgy

vulnerability_id VCID-yuqy-3gu6-4kgy

summary An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12429

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22492
published_at	2026-04-01T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22666
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2271
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.225
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2258
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22635
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2265
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22554
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22568
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22562
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22512
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22358
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12429

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-12429

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuqy-3gu6-4kgy

330

url VCID-yy74-uza7-qqgv

vulnerability_id VCID-yy74-uza7-qqgv

summary gitlab: GitLab: Cross-Site Scripting Vulnerability Leading to Arbitrary Code Execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13761.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13761.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13761

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.13983
published_at	2026-04-24T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14127
published_at	2026-04-02T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13982
published_at	2026-04-13T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13877
published_at	2026-04-16T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13868
published_at	2026-04-18T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13947
published_at	2026-04-21T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14182
published_at	2026-04-04T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13998
published_at	2026-04-07T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14079
published_at	2026-04-08T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14132
published_at	2026-04-09T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14076
published_at	2026-04-11T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14034
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13761

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428218
reference_id	2428218
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428218

reference_url

https://hackerone.com/reports/3441368

reference_id

3441368

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:47Z/

url

https://hackerone.com/reports/3441368

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/582237

reference_id

582237

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:47Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/582237

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::
reference_id	cpe:2.3:a:gitlab:gitlab::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab::::::::

reference_url

https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/

reference_id

patch-release-gitlab-18-7-1-released

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:47Z/

url

https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/

fixed_packages

url	pkg:deb/debian/gitlab@0?distro=sid
purl	pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2025-13761

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yy74-uza7-qqgv

331

url VCID-zbdr-btjr-vkhh

vulnerability_id VCID-zbdr-btjr-vkhh

summary In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39884

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.50853
published_at	2026-04-24T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50782
published_at	2026-04-01T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50838
published_at	2026-04-02T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50864
published_at	2026-04-04T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50821
published_at	2026-04-07T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50878
published_at	2026-04-08T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50876
published_at	2026-04-09T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50918
published_at	2026-04-16T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50896
published_at	2026-04-12T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.5088
published_at	2026-04-13T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50924
published_at	2026-04-18T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50904
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39884

reference_url

reference_id

AVG-2432

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url