Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/923256?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "type": "deb", "namespace": "debian", "name": "gitlab", "version": "0", "qualifiers": { "distro": "sid" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "8.8.2+dfsg-1", "latest_non_vulnerable_version": "17.6.5-19", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310352?format=api", "vulnerability_id": "VCID-1376-pbd4-b3d2", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01608", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01618", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03388", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03267", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03401", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03277", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04299", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06606", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0657", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06555", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06649", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11990" }, { "reference_url": "https://hackerone.com/reports/3257843", "reference_id": "3257843", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:11:06Z/" } ], "url": "https://hackerone.com/reports/3257843" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/577850", "reference_id": "577850", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:11:06Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/577850" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/", "reference_id": "patch-release-gitlab-18-5-2-released", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:11:06Z/" } ], "url": "https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-11990" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1376-pbd4-b3d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/342953?format=api", "vulnerability_id": "VCID-14mh-51rz-wfh1", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08276", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08337", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08355", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08345", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08325", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08308", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08206", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08193", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08328", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08273", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09878", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09889", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09923", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1282" }, { "reference_url": "https://hackerone.com/reports/3505596", "reference_id": "3505596", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:17:39Z/" } ], "url": "https://hackerone.com/reports/3505596" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/587106", "reference_id": "587106", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:17:39Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/587106" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:17:39Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1282" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14mh-51rz-wfh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166122?format=api", "vulnerability_id": "VCID-16qt-vqab-abd4", "summary": "GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30881", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.31058", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30875", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30933", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30963", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30966", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30924", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30879", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3091", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3089", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30856", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30693", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30577", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11438" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2017-11438" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-16qt-vqab-abd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/304753?format=api", "vulnerability_id": "VCID-17pv-1hd3-hfar", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04867", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04654", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04794", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04828", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04637", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04661", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04673", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0472", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04713", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04696", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04679", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04647", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4895" }, { "reference_url": "https://hackerone.com/reports/2134787", "reference_id": "2134787", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-19T16:19:59Z/" } ], "url": "https://hackerone.com/reports/2134787" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/424766", "reference_id": "424766", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-19T16:19:59Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/424766" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-4895" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17pv-1hd3-hfar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233755?format=api", "vulnerability_id": "VCID-188n-vj83-cyhd", "summary": "GitLab EE 8.9 and later through 12.7.2 has Insecure Permission", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39958", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40105", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40131", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40052", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40118", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40128", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40091", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40072", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40122", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40093", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40015", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39843", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39828", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8114" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-8114" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-188n-vj83-cyhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310933?format=api", "vulnerability_id": "VCID-19yp-u6j3-m7ha", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain conditions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02173", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0218", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02175", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02197", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02174", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03073", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03201", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03204", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03198", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03111", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03099", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03082", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12704" }, { "reference_url": "https://hackerone.com/reports/3389825", "reference_id": "3389825", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:42:44Z/" } ], "url": "https://hackerone.com/reports/3389825" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/579534", "reference_id": "579534", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:42:44Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/579534" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/", "reference_id": "patch-release-gitlab-18-9-2-released", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:42:44Z/" } ], "url": "https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-12704" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-19yp-u6j3-m7ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/188782?format=api", "vulnerability_id": "VCID-1ast-94m8-xkgu", "summary": "A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06769", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06613", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06606", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06764", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0676", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06595", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0663", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0661", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06659", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06702", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.067", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06684", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8631" }, { "reference_url": "https://hackerone.com/reports/2478469", "reference_id": "2478469", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:36:15Z/" } ], "url": "https://hackerone.com/reports/2478469" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462665", "reference_id": "462665", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:36:15Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462665" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-8631" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ast-94m8-xkgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213406?format=api", "vulnerability_id": "VCID-1ej8-vd35-g7cy", "summary": "GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.2752", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27627", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27836", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27887", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27928", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27721", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27789", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27831", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27795", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27738", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27744", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27719", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27679", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10078" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10078", "reference_id": "CVE-2020-10078", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10078" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10078" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ej8-vd35-g7cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180778?format=api", "vulnerability_id": "VCID-1kvk-ku8s-hkhd", "summary": "GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26403", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26454", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26498", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26272", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.2634", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26391", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.264", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26353", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26294", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26301", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26276", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.2624", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26166", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26163", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19581" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-19581" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1kvk-ku8s-hkhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/234352?format=api", "vulnerability_id": "VCID-1r5d-5dkb-vqbe", "summary": "In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22898", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23068", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23113", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22904", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22976", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23029", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23048", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22971", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22964", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22928", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22758", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22753", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8795" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-8795" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1r5d-5dkb-vqbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/229894?format=api", "vulnerability_id": "VCID-1rf6-swrd-1qfp", "summary": "An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11197", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11173", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11175", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11302", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11241", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11385", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11441", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11231", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11312", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11372", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11338", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1131", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6356" }, { "reference_url": "https://hackerone.com/reports/2575051", "reference_id": "2575051", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:29:39Z/" } ], "url": "https://hackerone.com/reports/2575051" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/469108", "reference_id": "469108", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:29:39Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/469108" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-6356" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rf6-swrd-1qfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/320046?format=api", "vulnerability_id": "VCID-1w1e-dqdq-8ya7", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13622", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13566", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13639", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13651", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13788", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13725", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13776", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13744", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13707", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13657", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13569", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2469" }, { "reference_url": "https://hackerone.com/reports/3030586", "reference_id": "3030586", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T14:12:51Z/" } ], "url": "https://hackerone.com/reports/3030586" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/525374", "reference_id": "525374", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T14:12:51Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/525374" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-2469" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1w1e-dqdq-8ya7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/239525?format=api", "vulnerability_id": "VCID-1x3k-7w4q-m3au", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05659", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0559", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05623", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05443", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05449", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05485", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05506", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05479", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05465", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05459", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0541", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05419", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1250" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/439175", "reference_id": "439175", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-13T01:11:42Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/439175" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-1250" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1x3k-7w4q-m3au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233664?format=api", "vulnerability_id": "VCID-1xa5-wjxc-9kgx", "summary": "GitLab EE 8.9 and later through 12.7.2 has Insecure Permission", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2262", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22663", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22452", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22533", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22588", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22603", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22562", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22508", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22523", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22518", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22468", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22312", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22302", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7979" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-7979" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xa5-wjxc-9kgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199127?format=api", "vulnerability_id": "VCID-21sr-q842-3fde", "summary": "GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21158", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21311", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21366", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2112", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21261", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21271", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2123", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21177", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21169", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21179", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21157", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21032", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21035", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19255" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19255" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-21sr-q842-3fde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340477?format=api", "vulnerability_id": "VCID-22xm-2fsd-r7cc", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11132", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11195", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11017", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11097", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11151", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11156", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11123", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11101", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10965", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12222", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12168", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12274", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12255", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7739" }, { "reference_url": "https://hackerone.com/reports/3255849", "reference_id": "3255849", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T20:36:10Z/" } ], "url": "https://hackerone.com/reports/3255849" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/556111", "reference_id": "556111", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T20:36:10Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/556111" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-7739" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-22xm-2fsd-r7cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180209?format=api", "vulnerability_id": "VCID-237a-hwkp-47ep", "summary": "An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28448", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28773", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28853", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28903", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2871", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28776", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28816", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28819", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28775", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28726", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28745", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28722", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28674", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28559", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18648" }, { "reference_url": "https://security.archlinux.org/ASA-201810-16", "reference_id": "ASA-201810-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-16" }, { "reference_url": "https://security.archlinux.org/AVG-794", "reference_id": "AVG-794", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-794" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-18648" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-237a-hwkp-47ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/232653?format=api", "vulnerability_id": "VCID-24up-1zdt-pkba", "summary": "An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22526", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22698", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22743", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22639", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22598", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22544", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22393", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22382", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6832" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-6832" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-24up-1zdt-pkba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/279135?format=api", "vulnerability_id": "VCID-25a9-xgvg-yyet", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49017", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49057", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49053", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49022", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49008", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48985", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49012", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48966", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.4902", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49016", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49033", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3351" }, { "reference_url": "https://hackerone.com/reports/1446022", "reference_id": "1446022", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:22:29Z/" } ], "url": "https://hackerone.com/reports/1446022" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/364266", "reference_id": "364266", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:22:29Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/364266" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3351.json", "reference_id": "CVE-2022-3351.json", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:22:29Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3351.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-3351" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-25a9-xgvg-yyet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349399?format=api", "vulnerability_id": "VCID-29g5-5v96-hbd1", "summary": "", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-6396" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29g5-5v96-hbd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196574?format=api", "vulnerability_id": "VCID-29tz-5t7b-8ber", "summary": "A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15586", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34469", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34688", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34584", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34627", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34656", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34658", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34619", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34596", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3462", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34581", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34344", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34325", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15586" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-15586" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29tz-5t7b-8ber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256743?format=api", "vulnerability_id": "VCID-2c2h-bx69-sycp", "summary": "In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4777", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47719", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47757", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47777", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47726", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4778", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47776", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47787", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47842", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47834", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39889" }, { "reference_url": "https://security.archlinux.org/AVG-2432", "reference_id": "AVG-2432", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-39889" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2c2h-bx69-sycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199412?format=api", "vulnerability_id": "VCID-2g7c-p1aj-kkh7", "summary": "In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84066", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84079", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84096", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84098", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84121", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84127", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84145", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84139", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84135", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84157", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84159", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84163", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84188", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84194", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19628" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2g7c-p1aj-kkh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199136?format=api", "vulnerability_id": "VCID-2gde-r64m-w3hn", "summary": "GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19261", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.2902", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29149", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28959", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29066", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29027", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28979", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28934", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28813", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28702", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19261" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19261" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2gde-r64m-w3hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256741?format=api", "vulnerability_id": "VCID-2mrs-2r3z-9qew", "summary": "In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48882", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48813", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4885", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48876", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4883", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48884", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48881", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48872", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48928", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48924", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48885", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48873", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39888" }, { "reference_url": "https://security.archlinux.org/AVG-2432", "reference_id": "AVG-2432", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-39888" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2mrs-2r3z-9qew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213424?format=api", "vulnerability_id": "VCID-2pnc-rr5x-fka2", "summary": "GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15174", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1517", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1524", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15278", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15346", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15149", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15238", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15259", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15221", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15071", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15081", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1513", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10088" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10088", "reference_id": "CVE-2020-10088", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10088" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10088" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2pnc-rr5x-fka2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213402?format=api", "vulnerability_id": "VCID-318m-fdm8-nkeh", "summary": "GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.2752", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27627", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27836", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27887", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27928", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27721", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27789", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27831", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27795", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27738", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27744", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27719", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27679", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10076" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10076", "reference_id": "CVE-2020-10076", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10076" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10076" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-318m-fdm8-nkeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353521?format=api", "vulnerability_id": "VCID-3b26-2ytc-a7h4", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.021", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02106", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5377" }, { "reference_url": "https://hackerone.com/reports/3640688", "reference_id": "3640688", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:07Z/" } ], "url": "https://hackerone.com/reports/3640688" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/595553", "reference_id": "595553", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:07Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/595553" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/", "reference_id": "patch-release-gitlab-18-11-1-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:07Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-5377" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3b26-2ytc-a7h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/285071?format=api", "vulnerability_id": "VCID-3csv-u81e-s7ag", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18337", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18473", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18416", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1843", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18451", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18353", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18667", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18721", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18435", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18515", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18568", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1857", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18523", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0805" }, { "reference_url": "https://hackerone.com/reports/1850046", "reference_id": "1850046", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:33:35Z/" } ], "url": "https://hackerone.com/reports/1850046" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/391433", "reference_id": "391433", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:33:35Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/391433" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json", "reference_id": "CVE-2023-0805.json", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:33:35Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-0805" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3csv-u81e-s7ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/309477?format=api", "vulnerability_id": "VCID-3gs4-gqmg-xka1", "summary": "An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24794", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24639", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24652", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24644", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24621", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24833", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24607", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24676", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24724", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24737", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24696", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25612", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25604", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10858" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/570034", "reference_id": "570034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-26T15:32:43Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/570034" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-10858" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gs4-gqmg-xka1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/339600?format=api", "vulnerability_id": "VCID-3h6k-pxpz-ufae", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05924", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05742", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05895", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0575", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06004", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06012", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06021", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07083", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17595", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17507", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17732", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17657", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6945" }, { "reference_url": "https://hackerone.com/reports/3173458", "reference_id": "3173458", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-17T20:15:58Z/" } ], "url": "https://hackerone.com/reports/3173458" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/552611", "reference_id": "552611", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-17T20:15:58Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/552611" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/", "reference_id": "patch-release-gitlab-18-5-2-released", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-17T20:15:58Z/" } ], "url": "https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-6945" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3h6k-pxpz-ufae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/193741?format=api", "vulnerability_id": "VCID-3kc4-wkcr-fyen", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.8795", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.8796", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.87974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.87978", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.87998", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.88005", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.88015", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.88008", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.88022", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.88021", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.88038", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03738", "scoring_system": "epss", "scoring_elements": "0.88043", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12430" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-12430" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kc4-wkcr-fyen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310129?format=api", "vulnerability_id": "VCID-3mdj-vvxm-c7ce", "summary": "GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01158", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01151", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01168", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01809", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01711", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01803", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01814", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01741", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01749", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01734", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01724", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01722", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11702" }, { "reference_url": "https://hackerone.com/reports/3356284", "reference_id": "3356284", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:02Z/" } ], "url": "https://hackerone.com/reports/3356284" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/576900", "reference_id": "576900", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:02Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/576900" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/", "reference_id": "patch-release-gitlab-18-5-1-released", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:02Z/" } ], "url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-11702" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mdj-vvxm-c7ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/229654?format=api", "vulnerability_id": "VCID-3mj7-6ytn-v3au", "summary": "Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6323", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2058", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20697", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20584", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20888", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20948", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20662", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20738", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20799", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20818", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20775", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20723", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20713", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2071", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6323" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/457912", "reference_id": "457912", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-02T15:49:24Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/457912" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-6323" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mj7-6ytn-v3au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/283977?format=api", "vulnerability_id": "VCID-3sq5-5xuv-6ydz", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11655", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1161", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11733", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11694", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11834", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11876", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11663", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11747", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.118", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11811", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11772", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11611", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4343" }, { "reference_url": "https://hackerone.com/reports/1767797", "reference_id": "1767797", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:26:51Z/" } ], "url": "https://hackerone.com/reports/1767797" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/385124", "reference_id": "385124", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:26:51Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/385124" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-4343" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sq5-5xuv-6ydz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/312356?format=api", "vulnerability_id": "VCID-3tce-4yu6-k3cc", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security configuration due to improper access control", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02743", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02736", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02719", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02731", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02843", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02835", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02759", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02765", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02768", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02787", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0274", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03995", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14595" }, { "reference_url": "https://hackerone.com/reports/3457779", "reference_id": "3457779", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:58:30Z/" } ], "url": "https://hackerone.com/reports/3457779" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/583971", "reference_id": "583971", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:58:30Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/583971" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/", "reference_id": "patch-release-gitlab-18-10-1-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:58:30Z/" } ], "url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-14595" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tce-4yu6-k3cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/307325?format=api", "vulnerability_id": "VCID-3tzg-w2p4-byd1", "summary": "An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6564", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07308", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07302", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0726", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07294", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0732", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07316", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07303", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07224", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07219", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07345", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6564" }, { "reference_url": "https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213", "reference_id": "17213", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:46:07Z/" } ], "url": "https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-6564" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tzg-w2p4-byd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/334071?format=api", "vulnerability_id": "VCID-3tzx-frpw-1ff4", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's project.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5069", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00716", "published_at": "2026-04-02T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00705", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00699", "published_at": "2026-04-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00698", "published_at": "2026-04-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00696", "published_at": "2026-04-16T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00701", "published_at": "2026-04-18T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00743", "published_at": "2026-04-21T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00712", "published_at": "2026-04-04T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00717", "published_at": "2026-04-07T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00715", "published_at": "2026-04-08T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00706", "published_at": "2026-04-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00906", "published_at": "2026-04-24T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0091", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5069" }, { "reference_url": "https://hackerone.com/reports/3019236", "reference_id": "3019236", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T13:11:58Z/" } ], "url": "https://hackerone.com/reports/3019236" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/544926", "reference_id": "544926", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T13:11:58Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/544926" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-5069" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tzx-frpw-1ff4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196584?format=api", "vulnerability_id": "VCID-3ugm-9xb8-auep", "summary": "GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15594", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56582", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56679", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.567", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56678", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.5673", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56742", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56718", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56697", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56728", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56726", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56638", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56655", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15594" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-15594" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugm-9xb8-auep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233663?format=api", "vulnerability_id": "VCID-3v4x-dgv8-3fbk", "summary": "GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34101", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34441", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34469", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34336", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34379", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34408", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3441", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34371", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34347", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34381", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34368", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34327", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33955", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33935", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7978" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-7978" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3v4x-dgv8-3fbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/285775?format=api", "vulnerability_id": "VCID-3xbq-u1r1-8ucx", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53623", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53653", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53636", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53673", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53678", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53661", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53607", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53576", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53626", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53622", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53671", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57967", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1825" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/384035", "reference_id": "384035", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:56:35Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/384035" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1825.json", "reference_id": "CVE-2023-1825.json", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:56:35Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1825.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-1825" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xbq-u1r1-8ucx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/231324?format=api", "vulnerability_id": "VCID-3xq1-rm4q-r3aa", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9596", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32259", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32535", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32375", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32685", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3254", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32588", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32614", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32616", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32577", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32551", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32589", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32567", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9596" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/493355", "reference_id": "493355", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:54:54Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/493355" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-9596" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xq1-rm4q-r3aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240576?format=api", "vulnerability_id": "VCID-48bc-4shc-9yax", "summary": "A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51593", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51506", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51558", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51585", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51546", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.516", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51597", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51646", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51625", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51609", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.5165", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51657", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51636", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51588", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22259" }, { "reference_url": "https://security.archlinux.org/AVG-2432", "reference_id": "AVG-2432", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22259" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48bc-4shc-9yax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206493?format=api", "vulnerability_id": "VCID-48fk-q4qh-pkcz", "summary": "An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.", "references": [ { "reference_url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6793", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.90043", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.90042", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.89969", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.89971", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.89984", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.89989", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.90005", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.90011", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.90019", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.90017", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.90027", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.90028", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05289", "scoring_system": "epss", "scoring_elements": "0.90025", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6793" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/50748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/50748" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6793", "reference_id": "CVE-2019-6793", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-6793" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48fk-q4qh-pkcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240447?format=api", "vulnerability_id": "VCID-49ze-sajt-pqhj", "summary": "An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42003", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42062", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42123", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42151", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42088", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.4215", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42135", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42162", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42136", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42066", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42008", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22169" }, { "reference_url": "https://security.archlinux.org/AVG-1522", "reference_id": "AVG-1522", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1522" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22169" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-49ze-sajt-pqhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201085?format=api", "vulnerability_id": "VCID-4hy7-yhb6-dqeq", "summary": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2262", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22663", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22452", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22533", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22588", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22603", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22562", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22508", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22523", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22518", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22468", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22312", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22302", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20143" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-20143" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hy7-yhb6-dqeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180204?format=api", "vulnerability_id": "VCID-4nq8-46us-fqdx", "summary": "GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18643", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26511", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26746", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26792", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26832", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26616", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26683", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26733", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26737", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26693", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26636", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26643", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26615", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26518", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18643" }, { "reference_url": "https://security.archlinux.org/ASA-201810-16", "reference_id": "ASA-201810-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-16" }, { "reference_url": "https://security.archlinux.org/AVG-794", "reference_id": "AVG-794", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-794" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-18643" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nq8-46us-fqdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233653?format=api", "vulnerability_id": "VCID-4ta4-kfy3-akhe", "summary": "GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22898", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23068", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23113", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22904", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22976", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23029", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23048", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22971", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22964", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22928", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22758", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22753", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7969" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-7969" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ta4-kfy3-akhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353693?format=api", "vulnerability_id": "VCID-4thp-7bpj-aug4", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0173", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01724", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6515" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/595993", "reference_id": "595993", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:50:48Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/595993" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/", "reference_id": "patch-release-gitlab-18-11-1-released", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:50:48Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-6515" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4thp-7bpj-aug4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/224029?format=api", "vulnerability_id": "VCID-4vm6-67ra-6fct", "summary": "Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12861", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12921", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13012", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13063", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12862", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1294", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12991", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12951", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12916", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12871", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12773", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12777", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12875", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12896", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26416" }, { "reference_url": "https://security.archlinux.org/AVG-1347", "reference_id": "AVG-1347", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1347" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-26416" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vm6-67ra-6fct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/304183?format=api", "vulnerability_id": "VCID-4wbe-6aps-vbb5", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18455", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1847", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18789", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18842", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18561", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1864", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18695", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.187", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18652", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.186", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18546", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18575", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4002" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416647", "reference_id": "416647", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T15:43:20Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416647" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-4002" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wbe-6aps-vbb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205569?format=api", "vulnerability_id": "VCID-53q6-5862-v7gn", "summary": "An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5487", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57207", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57288", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57311", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57339", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57341", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57355", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57336", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57315", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57342", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57337", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57316", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57273", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57296", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5487" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-5487" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53q6-5862-v7gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180775?format=api", "vulnerability_id": "VCID-53qj-x6qr-5bez", "summary": "GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19578", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25972", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26097", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25863", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25933", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25985", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25995", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25951", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25891", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25894", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25876", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25845", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25781", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25773", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19578" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-19578" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53qj-x6qr-5bez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310339?format=api", "vulnerability_id": "VCID-55vs-4nhw-vubr", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18075", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18021", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20694", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20698", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20791", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20871", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20932", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20949", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20905", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20853", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20844", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20836", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11974" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/571761", "reference_id": "571761", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:59:43Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/571761" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/", "reference_id": "patch-release-gitlab-18-5-1-released", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:59:43Z/" } ], "url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-11974" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-55vs-4nhw-vubr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/308604?format=api", "vulnerability_id": "VCID-56wd-rh4g-b3hg", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04055", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04036", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04075", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0407", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06427", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0608", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06092", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06389", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06403", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06139", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0613", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06119", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0765" }, { "reference_url": "https://hackerone.com/reports/2956315", "reference_id": "2956315", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T13:09:53Z/" } ], "url": "https://hackerone.com/reports/2956315" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/515381", "reference_id": "515381", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T13:09:53Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/515381" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-0765" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56wd-rh4g-b3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/298799?format=api", "vulnerability_id": "VCID-58kh-kcb1-jbhy", "summary": "An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06094", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06108", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0615", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06187", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06179", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06175", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06166", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06125", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06136", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06289", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06306", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06331", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3904" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3904" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-58kh-kcb1-jbhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/312355?format=api", "vulnerability_id": "VCID-59hw-hc3p-mfb3", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14594", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02593", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02615", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02635", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02614", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02601", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02599", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02582", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0259", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02607", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02611", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03794", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03803", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.038", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14594" }, { "reference_url": "https://hackerone.com/reports/3457591", "reference_id": "3457591", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:08Z/" } ], "url": "https://hackerone.com/reports/3457591" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/583967", "reference_id": "583967", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:08Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/583967" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:08Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-14594" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-59hw-hc3p-mfb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/306935?format=api", "vulnerability_id": "VCID-5d64-9dru-b7hx", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12008", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12052", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11854", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11937", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11989", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11998", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11961", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11934", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11805", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11802", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11921", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11891", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11862", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5995" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-5995" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5d64-9dru-b7hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350989?format=api", "vulnerability_id": "VCID-5jah-h98s-j3fz", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1101", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04721", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04715", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04697", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0468", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06128", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06075", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06098", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05912", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05923", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1101" }, { "reference_url": "https://hackerone.com/reports/3460228", "reference_id": "3460228", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:40:51Z/" } ], "url": "https://hackerone.com/reports/3460228" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586488", "reference_id": "586488", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:40:51Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586488" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "reference_id": "patch-release-gitlab-18-10-3-released", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:40:51Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1101" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jah-h98s-j3fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144965?format=api", "vulnerability_id": "VCID-5mst-deb6-u7ea", "summary": "The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53366", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53389", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53415", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53384", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53436", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53432", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53481", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53464", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53448", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53485", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.5349", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53471", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53442", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53456", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2013-4583" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mst-deb6-u7ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353523?format=api", "vulnerability_id": "VCID-5t22-tj15-k7e2", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5816", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02252", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02261", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5816" }, { "reference_url": "https://hackerone.com/reports/3572231", "reference_id": "3572231", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T17:51:35Z/" } ], "url": "https://hackerone.com/reports/3572231" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/592816", "reference_id": "592816", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T17:51:35Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/592816" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/", "reference_id": "patch-release-gitlab-18-11-1-released", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T17:51:35Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-5816" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5t22-tj15-k7e2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240442?format=api", "vulnerability_id": "VCID-5wbt-x41a-e7bs", "summary": "An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35286", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35449", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35648", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35673", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35554", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35599", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35623", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35633", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35588", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35566", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35307", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22166" }, { "reference_url": "https://security.archlinux.org/ASA-202101-10", "reference_id": "ASA-202101-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-10" }, { "reference_url": "https://security.archlinux.org/AVG-1416", "reference_id": "AVG-1416", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1416" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22166" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5wbt-x41a-e7bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213413?format=api", "vulnerability_id": "VCID-5yph-sn9e-77cm", "summary": "GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29695", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29808", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3003", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30114", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29927", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29989", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30023", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30029", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29984", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29935", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29951", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29931", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29883", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10082" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10082", "reference_id": "CVE-2020-10082", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10082" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10082" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5yph-sn9e-77cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/308534?format=api", "vulnerability_id": "VCID-61tr-7wfd-2yf4", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04105", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04085", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04119", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14688", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14596", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14657", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14689", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14769", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1483", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14789", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14751", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14695", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0673" }, { "reference_url": "https://hackerone.com/reports/2936949", "reference_id": "2936949", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:44Z/" } ], "url": "https://hackerone.com/reports/2936949" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/514732", "reference_id": "514732", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:44Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/514732" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-0673" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-61tr-7wfd-2yf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196716?format=api", "vulnerability_id": "VCID-621k-br7q-uke3", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.", "references": [ { "reference_url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.6434", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64327", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64186", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64244", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64271", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64232", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64282", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64297", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.6431", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64299", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64272", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64307", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64317", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15725" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11431", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11431" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15725", "reference_id": "CVE-2019-15725", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15725" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-15725" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-621k-br7q-uke3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216154?format=api", "vulnerability_id": "VCID-66a9-vpgx-p7fp", "summary": "In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41644", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41756", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41683", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41733", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41741", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41764", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41731", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41717", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41738", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41664", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41572", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41569", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13288" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13288" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66a9-vpgx-p7fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205550?format=api", "vulnerability_id": "VCID-68y2-v6p9-byge", "summary": "An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2117", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21169", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21309", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21465", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21519", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21272", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21351", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21412", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2142", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21381", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21321", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21329", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21304", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5467" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60143" }, { "reference_url": "https://hackerone.com/reports/526325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/526325" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5467", "reference_id": "CVE-2019-5467", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-5467" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-68y2-v6p9-byge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233648?format=api", "vulnerability_id": "VCID-6a5t-28zw-mkcq", "summary": "GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17128", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17294", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17343", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17124", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17215", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17272", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17251", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17203", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17143", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17082", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17088", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17122", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17028", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1701", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-7966" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6a5t-28zw-mkcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240546?format=api", "vulnerability_id": "VCID-6avw-ar1d-tudd", "summary": "Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4532", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45342", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45285", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4534", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45362", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4533", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45332", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45383", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45379", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45329", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45246", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22240" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22240" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6avw-ar1d-tudd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200183?format=api", "vulnerability_id": "VCID-6g7d-ehrz-7ugt", "summary": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08077", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08015", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08156", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08114", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08076", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08119", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08069", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0813", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08151", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08145", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08125", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08108", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5257" }, { "reference_url": "https://hackerone.com/reports/2513934", "reference_id": "2513934", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T18:30:14Z/" } ], "url": "https://hackerone.com/reports/2513934" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/463149", "reference_id": "463149", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T18:30:14Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/463149" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-5257" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6g7d-ehrz-7ugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/220719?format=api", "vulnerability_id": "VCID-6gnx-62th-ufas", "summary": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30756", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30804", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36914", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36854", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36906", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36879", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36839", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.3689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51575", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51583", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.5883", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58832", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58815", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7404" }, { "reference_url": "https://hackerone.com/reports/2627925", "reference_id": "2627925", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:07:52Z/" } ], "url": "https://hackerone.com/reports/2627925" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/476670", "reference_id": "476670", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:07:52Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/476670" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#device-oauth-flow-allows-for-cross-window-forgery", "reference_id": "#device-oauth-flow-allows-for-cross-window-forgery", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:07:52Z/" } ], "url": "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#device-oauth-flow-allows-for-cross-window-forgery" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-7404" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6gnx-62th-ufas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/338977?format=api", "vulnerability_id": "VCID-6qcm-yqpn-k3ax", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15406", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15476", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15279", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15368", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15418", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15379", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1534", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15275", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15189", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16684", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16761", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16794", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16699", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6186" }, { "reference_url": "https://hackerone.com/reports/3189522", "reference_id": "3189522", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T20:36:42Z/" } ], "url": "https://hackerone.com/reports/3189522" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549844", "reference_id": "549844", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T20:36:42Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549844" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-6186" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qcm-yqpn-k3ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/285882?format=api", "vulnerability_id": "VCID-6z5v-da6y-d3gg", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18925", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19071", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19027", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19039", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19048", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1894", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19264", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19316", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19031", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1911", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19164", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1917", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19123", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1965" }, { "reference_url": "https://hackerone.com/reports/1923672", "reference_id": "1923672", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T21:39:52Z/" } ], "url": "https://hackerone.com/reports/1923672" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/406235", "reference_id": "406235", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T21:39:52Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/406235" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json", "reference_id": "CVE-2023-1965.json", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T21:39:52Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-1965" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6z5v-da6y-d3gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/283857?format=api", "vulnerability_id": "VCID-6ze1-1hs4-wyhb", "summary": "Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41457", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41643", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41568", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41461", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41631", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41659", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41586", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41636", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41645", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41669", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41622", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4167" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/367740", "reference_id": "367740", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:28:24Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/367740" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4167.json", "reference_id": "CVE-2022-4167.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:28:24Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4167.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-4167" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze1-1hs4-wyhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240700?format=api", "vulnerability_id": "VCID-6znm-hc5g-a3bs", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12982", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12985", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13083", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13076", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13203", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13269", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13069", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1315", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13202", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13171", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13133", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13081", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1539" }, { "reference_url": "https://hackerone.com/reports/2369988", "reference_id": "2369988", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:30:26Z/" } ], "url": "https://hackerone.com/reports/2369988" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/442049", "reference_id": "442049", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:30:26Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/442049" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-1539" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6znm-hc5g-a3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144963?format=api", "vulnerability_id": "VCID-71pn-8jnf-dqft", "summary": "GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.77943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.7795", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.77979", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.7796", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.77987", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.77992", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78018", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78001", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78035", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78034", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78027", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.7806", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78067", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4581" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2013-4581" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-71pn-8jnf-dqft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199137?format=api", "vulnerability_id": "VCID-73m6-xqtw-kqcq", "summary": "GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19262", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23612", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23769", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23811", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23587", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23656", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23702", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23678", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23621", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23626", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23608", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23428", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23417", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19262" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19262" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73m6-xqtw-kqcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/235706?format=api", "vulnerability_id": "VCID-73zx-y2xe-ybd8", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32937", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38862", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38875", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38887", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38823", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38851", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38859", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.3888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39548", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39738", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39559", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3982", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10240" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/493188", "reference_id": "493188", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-26T20:24:41Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/493188" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint", "reference_id": "#information-disclosure-through-an-api-endpoint", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-26T20:24:41Z/" } ], "url": "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-10240" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73zx-y2xe-ybd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/309188?format=api", "vulnerability_id": "VCID-76e1-wt6f-mkbx", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19967", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19911", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22432", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22648", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22645", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22596", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22442", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22583", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22659", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22729", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2269", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22633", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10497" }, { "reference_url": "https://hackerone.com/reports/3338151", "reference_id": "3338151", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:02:41Z/" } ], "url": "https://hackerone.com/reports/3338151" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/570336", "reference_id": "570336", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:02:41Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/570336" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/", "reference_id": "patch-release-gitlab-18-5-1-released", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:02:41Z/" } ], "url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-10497" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76e1-wt6f-mkbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/231354?format=api", "vulnerability_id": "VCID-78p7-cp4f-bkbg", "summary": "An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02767", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02789", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02781", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12272", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12218", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1222", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12324", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12306", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12337", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12387", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12395", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12357", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12319", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9512" }, { "reference_url": "https://hackerone.com/reports/2683469", "reference_id": "2683469", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T14:12:49Z/" } ], "url": "https://hackerone.com/reports/2683469" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/497748", "reference_id": "497748", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T14:12:49Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/497748" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-9512" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-78p7-cp4f-bkbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/189817?format=api", "vulnerability_id": "VCID-7be1-7wvf-h3bd", "summary": "An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13414", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13443", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13577", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13637", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13435", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13516", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13565", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13539", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13501", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13455", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13368", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13366", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8311" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/479315", "reference_id": "479315", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T18:45:43Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/479315" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-8311" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7be1-7wvf-h3bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/306912?format=api", "vulnerability_id": "VCID-7gz7-5b5c-mkga", "summary": "An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02151", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0216", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02138", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02144", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02157", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02134", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02119", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02115", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02091", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02103", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02191", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5963" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/423468", "reference_id": "423468", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:45:18Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/423468" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-5963" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7gz7-5b5c-mkga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/306291?format=api", "vulnerability_id": "VCID-7hhz-j8p7-zfd1", "summary": "An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12071", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12016", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12047", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12519", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12453", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12413", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12319", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1232", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12581", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12388", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12468", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12538", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12491", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5106" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3", "reference_id": "67039cfcae80b8fc0496f79be88714873cd169b3", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T15:13:29Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3" }, { "reference_url": "https://gitlab.com/gitlab-org/security/gitlab/-/issues/980", "reference_id": "980", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T15:13:29Z/" } ], "url": "https://gitlab.com/gitlab-org/security/gitlab/-/issues/980" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-5106" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hhz-j8p7-zfd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196735?format=api", "vulnerability_id": "VCID-7s4d-c1p8-f7gs", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.", "references": [ { "reference_url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.4989", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49883", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.4986", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49839", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49894", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49887", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49905", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49877", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49879", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49924", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49925", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49897", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15738" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63124" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15738", "reference_id": "CVE-2019-15738", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15738" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-15738" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7s4d-c1p8-f7gs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199178?format=api", "vulnerability_id": "VCID-7u3g-he8d-v3gh", "summary": "GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21158", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21311", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21366", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2112", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21261", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21271", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2123", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21177", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21169", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21179", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21157", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21032", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21035", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19309" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19309" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7u3g-he8d-v3gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199185?format=api", "vulnerability_id": "VCID-7uhu-eyv3-hyc3", "summary": "GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18736", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18873", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18648", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18727", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18781", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18739", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18689", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18638", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1865", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18668", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1856", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18539", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19314" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19314" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7uhu-eyv3-hyc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216129?format=api", "vulnerability_id": "VCID-7ver-nghd-d7gj", "summary": "A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65312", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65361", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65387", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65351", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65404", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65415", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65434", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.6542", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65429", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65441", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65453", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13267" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13267" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ver-nghd-d7gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/348586?format=api", "vulnerability_id": "VCID-7ww3-rtvx-7bgy", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01291", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01293", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01286", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.013", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01374", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01383", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01295", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01306", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01312", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01315", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01299", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01687", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3857" }, { "reference_url": "https://hackerone.com/reports/3584382", "reference_id": "3584382", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:34Z/" } ], "url": "https://hackerone.com/reports/3584382" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/592828", "reference_id": "592828", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:34Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/592828" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/", "reference_id": "patch-release-gitlab-18-10-1-released", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:34Z/" } ], "url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-3857" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ww3-rtvx-7bgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/304400?format=api", "vulnerability_id": "VCID-7xpa-wsmb-1uat", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01847", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0185", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01794", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01797", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0181", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01804", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01793", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01779", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01778", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0186", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4379" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415496", "reference_id": "415496", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-30T15:30:35Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415496" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-4379" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xpa-wsmb-1uat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/224024?format=api", "vulnerability_id": "VCID-82a8-grn5-eqdj", "summary": "Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32225", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32511", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32655", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32691", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32513", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32561", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32587", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32589", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32551", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32523", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3256", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32538", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32506", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32341", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26412" }, { "reference_url": "https://security.archlinux.org/AVG-1347", "reference_id": "AVG-1347", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1347" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-26412" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82a8-grn5-eqdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199132?format=api", "vulnerability_id": "VCID-83vb-hq6n-cygb", "summary": "GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18717", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18854", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18907", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18761", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18766", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18719", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1867", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18618", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1863", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18649", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18541", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1852", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19259" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19259" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-83vb-hq6n-cygb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216141?format=api", "vulnerability_id": "VCID-89jf-z93z-f3b4", "summary": "A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.3478", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34979", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.35005", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34886", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.3493", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34959", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34963", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34927", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34904", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34943", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34926", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34881", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34648", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34627", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13275" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13275" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-89jf-z93z-f3b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/313682?format=api", "vulnerability_id": "VCID-8bb8-3yy2-nfes", "summary": "An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6453", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64504", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64496", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64517", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64429", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64459", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64419", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64467", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64483", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64498", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64458", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64493", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1763" }, { "reference_url": "https://hackerone.com/reports/3016600", "reference_id": "3016600", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T12:50:03Z/" } ], "url": "https://hackerone.com/reports/3016600" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/521718", "reference_id": "521718", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T12:50:03Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/521718" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-1763" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bb8-3yy2-nfes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/215652?format=api", "vulnerability_id": "VCID-8bwa-wdaj-t3h2", "summary": "GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28839", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28966", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28773", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2888", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28886", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28841", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28792", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28811", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28789", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28739", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28627", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28514", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12448" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-12448" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bwa-wdaj-t3h2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350994?format=api", "vulnerability_id": "VCID-8ccz-1vym-3yev", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to incorrect authorization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2619", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01791", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01784", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01773", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02719", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02731", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03402", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03389", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03392", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2619" }, { "reference_url": "https://hackerone.com/reports/3554982", "reference_id": "3554982", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:19Z/" } ], "url": "https://hackerone.com/reports/3554982" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/590430", "reference_id": "590430", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:19Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/590430" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "reference_id": "patch-release-gitlab-18-10-3-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:19Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-2619" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ccz-1vym-3yev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65179?format=api", "vulnerability_id": "VCID-8d3w-b64w-nyc9", "summary": "gitlab: GitLab: Unauthorized access to AI model settings via namespace identifier manipulation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13772", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00456", "published_at": "2026-04-24T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00424", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00458", "published_at": "2026-04-26T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00442", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00435", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00431", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00433", "published_at": "2026-04-09T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00434", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00429", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00428", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428224", "reference_id": "2428224", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428224" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/581268", "reference_id": "581268", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:13:05Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/581268" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/", "reference_id": "patch-release-gitlab-18-7-1-released", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:13:05Z/" } ], "url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-13772" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8d3w-b64w-nyc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6951?format=api", "vulnerability_id": "VCID-8p24-6g5t-fqdq", "summary": "Repository#grep accepts Unix pipes by default\nSee CVE-2013-4489 advisory for GitLab: Remote code execution vulnerability in the code search feature http://seclists.org/oss-sec/2013/q4/224", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4489", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42183", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42367", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42331", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42303", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42352", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42328", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42255", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42187", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42244", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42319", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42347", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42289", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42337", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42344", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4489" }, { "reference_url": "https://github.com/gitlabhq/grit", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gitlabhq/grit" }, { "reference_url": "https://github.com/gitlabhq/grit/commit/40f33a4f4f5604c2a531a1d86901fd81ac4402c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gitlabhq/grit/commit/40f33a4f4f5604c2a531a1d86901fd81ac4402c4" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/gitlab-grit/CVE-2013-4489.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/gitlab-grit/CVE-2013-4489.yml" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-grit/-/blob/v2.6.1/History.txt?ref_type=tags#L2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/gitlab-org/gitlab-grit/-/blob/v2.6.1/History.txt?ref_type=tags#L2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4489", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4489" }, { "reference_url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release" }, { "reference_url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/" }, { "reference_url": "https://github.com/advisories/GHSA-95xq-v4m2-fq3r", "reference_id": "GHSA-95xq-v4m2-fq3r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-95xq-v4m2-fq3r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2013-4489", "GHSA-95xq-v4m2-fq3r", "OSV-99370" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8p24-6g5t-fqdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166121?format=api", "vulnerability_id": "VCID-8pxg-vb31-zqhm", "summary": "GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25519", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25588", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25624", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25393", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25462", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25509", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25521", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25478", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25421", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25427", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25417", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25349", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25342", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2017-11437" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8pxg-vb31-zqhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194150?format=api", "vulnerability_id": "VCID-8py3-7bhm-3ugu", "summary": "Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17891", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18052", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18107", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17897", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17957", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17974", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1788", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17823", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1787", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17775", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17754", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12825" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-12825" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8py3-7bhm-3ugu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343017?format=api", "vulnerability_id": "VCID-8znh-gknj-5fdq", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQl.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13474", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13463", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13437", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13402", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13356", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13263", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13261", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13536", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13331", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15658", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15691", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15694", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1387" }, { "reference_url": "https://hackerone.com/reports/3515994", "reference_id": "3515994", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:17:22Z/" } ], "url": "https://hackerone.com/reports/3515994" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/587546", "reference_id": "587546", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:17:22Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/587546" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:17:22Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1387" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8znh-gknj-5fdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216238?format=api", "vulnerability_id": "VCID-974b-ft33-k7fu", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13348", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2186", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22024", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22075", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2184", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21916", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21971", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21984", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21887", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21888", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21894", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21855", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21708", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.217", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13348" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13348" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-974b-ft33-k7fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/308439?format=api", "vulnerability_id": "VCID-982z-kxzh-27dh", "summary": "A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09333", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0921", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09319", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09361", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09351", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11273", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12562", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18165", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18256", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18282", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18181", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46002", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46023", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0555" }, { "reference_url": "https://hackerone.com/reports/2939833", "reference_id": "2939833", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:50:31Z/" } ], "url": "https://hackerone.com/reports/2939833" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/514004", "reference_id": "514004", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:50:31Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/514004" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-0555" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-982z-kxzh-27dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199139?format=api", "vulnerability_id": "VCID-9cuf-1y7k-b3ey", "summary": "GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13872", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13956", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14011", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13813", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13896", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13949", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13905", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13869", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13821", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13731", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13727", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13823", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13791", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19263" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19263" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9cuf-1y7k-b3ey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219406?format=api", "vulnerability_id": "VCID-9dza-uktz-pqgc", "summary": "An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7586", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03154", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03164", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03801", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03805", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0383", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03773", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03793", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03746", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06276", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06233", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06247", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06074", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06085", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7586" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/463866", "reference_id": "463866", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-20T14:52:57Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/463866" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-7586" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dza-uktz-pqgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233661?format=api", "vulnerability_id": "VCID-9ef6-arq8-qfa7", "summary": "GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16149", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16332", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16393", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16277", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16341", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16323", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16284", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16153", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1617", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16208", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16098", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16095", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7977" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-7977" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ef6-arq8-qfa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194312?format=api", "vulnerability_id": "VCID-9hj6-5zkd-7kgf", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass.", "references": [ { "reference_url": "https://about.gitlab.com/blog/categories/releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/blog/categories/releases/" }, { "reference_url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22143", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22154", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22285", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22451", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22496", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22284", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22367", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22422", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22443", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22401", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22345", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22361", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22356", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22304", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13001" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13001", "reference_id": "CVE-2019-13001", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-13001" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hj6-5zkd-7kgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216123?format=api", "vulnerability_id": "VCID-9xmk-7m69-93ex", "summary": "An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41868", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41933", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41961", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41888", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41938", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41949", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41973", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41937", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41923", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41945", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41874", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41811", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41804", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13263" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13263" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xmk-7m69-93ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/193204?format=api", "vulnerability_id": "VCID-9zn4-bgke-aqhm", "summary": "An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23351", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23577", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23566", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23545", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23362", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23707", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2375", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2353", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23602", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23647", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23663", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23621", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23564", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12244" }, { "reference_url": "https://hackerone.com/reports/2862754", "reference_id": "2862754", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:43:12Z/" } ], "url": "https://hackerone.com/reports/2862754" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508046", "reference_id": "508046", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:43:12Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508046" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-12244" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9zn4-bgke-aqhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273402?format=api", "vulnerability_id": "VCID-a96m-a6p2-u7fc", "summary": "An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39744", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39766", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39684", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39738", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39753", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39762", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39726", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3971", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3976", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39731", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39647", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39469", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39455", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2459" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-2459" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a96m-a6p2-u7fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233658?format=api", "vulnerability_id": "VCID-acfp-4n7t-u7fa", "summary": "GitLab EE 10.1 through 12.7.2 allows Information Disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22526", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22698", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22743", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22639", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22598", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22544", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22393", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22382", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7974" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-7974" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-acfp-4n7t-u7fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216127?format=api", "vulnerability_id": "VCID-aejs-fse9-5ufz", "summary": "Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1733", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17499", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17546", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17326", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17418", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17478", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17443", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17389", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17331", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17339", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17371", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17279", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17258", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13266" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13266" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aejs-fse9-5ufz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/254227?format=api", "vulnerability_id": "VCID-agxq-w7e3-qbbd", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01235", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01227", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01155", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00684", "published_at": "2026-04-09T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00678", "published_at": "2026-04-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00685", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00696", "published_at": "2026-04-02T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00689", "published_at": "2026-04-04T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00693", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11668" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/456922", "reference_id": "456922", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T18:42:30Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/456922" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-11668" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-agxq-w7e3-qbbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/292455?format=api", "vulnerability_id": "VCID-ajsm-xpvn-h3cd", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42783", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4289", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42903", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42925", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42873", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42933", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42922", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42859", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4284", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47489", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2589" }, { "reference_url": "https://hackerone.com/reports/1941803", "reference_id": "1941803", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:11Z/" } ], "url": "https://hackerone.com/reports/1941803" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407891", "reference_id": "407891", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:11Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407891" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2589.json", "reference_id": "CVE-2023-2589.json", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:11Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2589.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-2589" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajsm-xpvn-h3cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216223?format=api", "vulnerability_id": "VCID-anx6-ukf8-cbau", "summary": "An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32481", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32661", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32483", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32531", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32557", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32559", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32522", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32495", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32529", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32507", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32475", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.3231", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32194", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13337" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13337" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-anx6-ukf8-cbau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265676?format=api", "vulnerability_id": "VCID-avzn-3wtk-2qhk", "summary": "Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32829", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3265", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32698", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32724", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32725", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32688", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32699", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32677", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32647", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32492", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32376", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1983" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-1983" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avzn-3wtk-2qhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/254842?format=api", "vulnerability_id": "VCID-awqw-86c7-mbf5", "summary": "An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11129", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16236", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16293", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16313", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16348", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16241", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16469", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16531", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16328", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16457", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16356", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11129" }, { "reference_url": "https://hackerone.com/reports/2717400", "reference_id": "2717400", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:16:18Z/" } ], "url": "https://hackerone.com/reports/2717400" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/503722", "reference_id": "503722", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:16:18Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/503722" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-11129" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awqw-86c7-mbf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240562?format=api", "vulnerability_id": "VCID-b5s9-nn6q-kbcs", "summary": "A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22249", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50782", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50838", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50864", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50821", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50878", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50918", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50896", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50924", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50904", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50853", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50861", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22249" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22249" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5s9-nn6q-kbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144964?format=api", "vulnerability_id": "VCID-b7be-m9jj-juf2", "summary": "The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38147", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38292", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38184", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38234", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38242", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38261", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38225", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38202", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38248", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38228", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.3816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.37991", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.37969", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4582" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2013-4582" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7be-m9jj-juf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194322?format=api", "vulnerability_id": "VCID-b865-rg4k-wfck", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption.", "references": [ { "reference_url": "https://about.gitlab.com/blog/categories/releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/blog/categories/releases/" }, { "reference_url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.3643", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.3646", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36679", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36834", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36866", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36702", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36769", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36778", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36744", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36718", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36762", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36745", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36685", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13007" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13007", "reference_id": "CVE-2019-13007", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13007" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-13007" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b865-rg4k-wfck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/334724?format=api", "vulnerability_id": "VCID-ba8y-gmf8-f3a5", "summary": "An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05699", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05741", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05736", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05776", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0578", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06205", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06193", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06245", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06235", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06356", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20078", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20073", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5846" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/546435", "reference_id": "546435", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T13:22:54Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/546435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-5846" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ba8y-gmf8-f3a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/339305?format=api", "vulnerability_id": "VCID-bd9p-32b3-u7en", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03421", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.05001", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04768", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04777", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04922", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04959", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04829", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04867", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04885", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04862", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0484", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0482", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6601" }, { "reference_url": "https://hackerone.com/reports/3209641", "reference_id": "3209641", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:17:52Z/" } ], "url": "https://hackerone.com/reports/3209641" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/551267", "reference_id": "551267", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:17:52Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/551267" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/", "reference_id": "patch-release-gitlab-18-5-1-released", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:17:52Z/" } ], "url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-6601" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bd9p-32b3-u7en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/341337?format=api", "vulnerability_id": "VCID-bse3-k2ur-gkhe", "summary": "An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.034", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03432", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03452", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03412", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03385", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03362", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03338", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03414", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0343", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0404", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04162", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04174", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04193", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8770" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549105", "reference_id": "549105", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T20:05:13Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549105" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-8770" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bse3-k2ur-gkhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216121?format=api", "vulnerability_id": "VCID-c3un-3g77-t7eh", "summary": "Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13261", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3914", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39325", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39349", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39318", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39335", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39307", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39341", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39313", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39226", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39012", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38993", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13261" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13261" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3un-3g77-t7eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240664?format=api", "vulnerability_id": "VCID-ccs9-1gqf-vkhx", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96598", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.9658", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96587", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96593", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96596", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96557", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96562", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96565", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96573", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96575", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96577", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.29088", "scoring_system": "epss", "scoring_elements": "0.96578", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1451" }, { "reference_url": "https://hackerone.com/reports/2371126", "reference_id": "2371126", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:16:14Z/" } ], "url": "https://hackerone.com/reports/2371126" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/441457", "reference_id": "441457", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:16:14Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/441457" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-1451" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccs9-1gqf-vkhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350996?format=api", "vulnerability_id": "VCID-cfg6-81nj-wuh7", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.00989", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.00975", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.00969", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01837", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02209", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02188", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02178", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03517", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4916" }, { "reference_url": "https://hackerone.com/reports/3301240", "reference_id": "3301240", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:05:47Z/" } ], "url": "https://hackerone.com/reports/3301240" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/565414", "reference_id": "565414", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:05:47Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/565414" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "reference_id": "patch-release-gitlab-18-10-3-released", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:05:47Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-4916" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfg6-81nj-wuh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191816?format=api", "vulnerability_id": "VCID-cgwn-9de8-hubj", "summary": "An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22882", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22876", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22837", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22674", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22667", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23592", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23493", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2351", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23567", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23653", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23696", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23546", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10112" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10112" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cgwn-9de8-hubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/195869?format=api", "vulnerability_id": "VCID-ck2a-7z14-tqh3", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.", "references": [ { "reference_url": "https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/" }, { "reference_url": "https://about.gitlab.com/blog/categories/releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/blog/categories/releases/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53501", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5357", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53566", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53615", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53598", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53581", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53617", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53524", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53551", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53519", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57786", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57808", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57766", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14943" }, { "reference_url": "https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4530" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14943", "reference_id": "CVE-2019-14943", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14943" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-14943" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ck2a-7z14-tqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199131?format=api", "vulnerability_id": "VCID-cuzf-qtjv-vyhc", "summary": "GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19258", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22526", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22698", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22743", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22639", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22598", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22544", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22393", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22382", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19258" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19258" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cuzf-qtjv-vyhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199181?format=api", "vulnerability_id": "VCID-cvae-k1kf-3bb5", "summary": "GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39668", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39817", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3984", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39761", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39816", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39839", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39803", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39786", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39836", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39808", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39725", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39545", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39534", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19312" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19312" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvae-k1kf-3bb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/298801?format=api", "vulnerability_id": "VCID-cwvp-td1x-r7ab", "summary": "A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07264", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07175", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07301", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07258", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07217", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07197", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07251", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07278", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07274", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07261", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07181", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3907" }, { "reference_url": "https://hackerone.com/reports/2058934", "reference_id": "2058934", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-27T15:56:10Z/" } ], "url": "https://hackerone.com/reports/2058934" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418878", "reference_id": "418878", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-27T15:56:10Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418878" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3907" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cwvp-td1x-r7ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213419?format=api", "vulnerability_id": "VCID-d38q-afq9-wbdx", "summary": "GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22382", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22393", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22526", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22698", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22743", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22639", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22598", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22544", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10085" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10085", "reference_id": "CVE-2020-10085", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10085" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10085" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d38q-afq9-wbdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199179?format=api", "vulnerability_id": "VCID-d4kj-2yhs-63cn", "summary": "GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21735", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.219", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21952", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21719", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21796", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21852", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21864", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21824", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21766", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21773", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21738", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2159", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21584", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19310" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19310" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4kj-2yhs-63cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180203?format=api", "vulnerability_id": "VCID-de67-fg42-33fc", "summary": "An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18642", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21088", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21218", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21374", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21428", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2118", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2126", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21322", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21332", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21291", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21238", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21231", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2124", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21217", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21085", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18642" }, { "reference_url": "https://security.archlinux.org/AVG-802", "reference_id": "AVG-802", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-18642" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-de67-fg42-33fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256774?format=api", "vulnerability_id": "VCID-de8b-d4wk-y3g2", "summary": "Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15062", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15184", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15251", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15055", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15143", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15194", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15164", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15061", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14961", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1497", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15021", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1506", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39909" }, { "reference_url": "https://security.archlinux.org/AVG-2503", "reference_id": "AVG-2503", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-39909" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-de8b-d4wk-y3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196564?format=api", "vulnerability_id": "VCID-dg2t-19xu-mkbb", "summary": "An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46854", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46892", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46909", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46856", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.4691", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46933", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46906", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46913", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46969", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46965", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46914", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.469", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15580" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-15580" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dg2t-19xu-mkbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/298804?format=api", "vulnerability_id": "VCID-dndj-1cxz-r7ff", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11159", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11133", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11263", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11201", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11337", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11395", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11188", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11268", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11323", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11329", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11295", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11269", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11131", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3915" }, { "reference_url": "https://hackerone.com/reports/2040834", "reference_id": "2040834", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:59:46Z/" } ], "url": "https://hackerone.com/reports/2040834" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417664", "reference_id": "417664", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:59:46Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417664" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3915" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dndj-1cxz-r7ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/224345?format=api", "vulnerability_id": "VCID-drqj-c18r-w7h8", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4612", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07248", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07165", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07159", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07281", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07157", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07202", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07179", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07234", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07256", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07243", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07233", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4612" }, { "reference_url": "https://hackerone.com/reports/2479857", "reference_id": "2479857", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:22:22Z/" } ], "url": "https://hackerone.com/reports/2479857" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/460707", "reference_id": "460707", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:22:22Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/460707" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-4612" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drqj-c18r-w7h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240568?format=api", "vulnerability_id": "VCID-drzh-34h4-jqge", "summary": "Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22253", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54046", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54063", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54092", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54066", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54115", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54165", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54147", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54126", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54169", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5415", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22253" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22253" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drzh-34h4-jqge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/342798?format=api", "vulnerability_id": "VCID-e17m-j47b-kbap", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08127", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0817", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08116", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08202", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08193", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08849", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08973", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0902", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08969", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08971", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08959", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08824", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1069" }, { "reference_url": "https://hackerone.com/reports/3483687", "reference_id": "3483687", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T19:39:21Z/" } ], "url": "https://hackerone.com/reports/3483687" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586474", "reference_id": "586474", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T19:39:21Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586474" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/", "reference_id": "patch-release-gitlab-18-9-2-released", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T19:39:21Z/" } ], "url": "https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1069" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e17m-j47b-kbap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350993?format=api", "vulnerability_id": "VCID-e2c2-k4fs-5fdn", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01791", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01784", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01773", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02823", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02843", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02835", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02719", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02731", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2104" }, { "reference_url": "https://hackerone.com/reports/3541476", "reference_id": "3541476", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:43:15Z/" } ], "url": "https://hackerone.com/reports/3541476" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/589021", "reference_id": "589021", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:43:15Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/589021" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "reference_id": "patch-release-gitlab-18-10-3-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:43:15Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-2104" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2c2-k4fs-5fdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216152?format=api", "vulnerability_id": "VCID-e98k-gk6q-8ucw", "summary": "For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33723", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34066", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34097", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33954", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33996", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34028", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34027", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33984", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33961", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33983", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3395", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33574", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33554", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13286" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13286" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e98k-gk6q-8ucw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/348630?format=api", "vulnerability_id": "VCID-ef6r-7zfp-6ueu", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in GraphQL request processing.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17504", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17396", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17338", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17346", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17379", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17286", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17551", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17331", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17423", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17484", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17496", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17449", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18737", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3988" }, { "reference_url": "https://hackerone.com/reports/3597342", "reference_id": "3597342", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:21:45Z/" } ], "url": "https://hackerone.com/reports/3597342" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/593140", "reference_id": "593140", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:21:45Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/593140" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/", "reference_id": "patch-release-gitlab-18-10-1-released", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:21:45Z/" } ], "url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-3988" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ef6r-7zfp-6ueu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/231658?format=api", "vulnerability_id": "VCID-efgu-vj7d-wqgh", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01178", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02502", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.025", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02488", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02473", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02479", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02586", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02499", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02523", "published_at": "2026-04-09T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00557", "published_at": "2026-04-24T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00559", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9183" }, { "reference_url": "https://hackerone.com/reports/2707421", "reference_id": "2707421", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:54Z/" } ], "url": "https://hackerone.com/reports/2707421" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/494478", "reference_id": "494478", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:54Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/494478" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/", "reference_id": "patch-release-gitlab-18-6-1-released", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:54Z/" } ], "url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-9183" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-efgu-vj7d-wqgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343073?format=api", "vulnerability_id": "VCID-eh5u-tnu8-6uc2", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0912", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09177", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09207", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09209", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09178", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09164", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09059", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09039", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09173", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11034", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10948", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10993", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1456" }, { "reference_url": "https://hackerone.com/reports/3517928", "reference_id": "3517928", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:38:41Z/" } ], "url": "https://hackerone.com/reports/3517928" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/587688", "reference_id": "587688", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:38:41Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/587688" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:38:41Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1456" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eh5u-tnu8-6uc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199450?format=api", "vulnerability_id": "VCID-erzs-6pbk-tbbv", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11071", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11041", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1105", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11182", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11116", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11275", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11088", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11167", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11224", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11233", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11201", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11175", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5318" }, { "reference_url": "https://hackerone.com/reports/2189464", "reference_id": "2189464", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-24T19:20:30Z/" } ], "url": "https://hackerone.com/reports/2189464" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427526", "reference_id": "427526", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-24T19:20:30Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427526" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-5318" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-erzs-6pbk-tbbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310899?format=api", "vulnerability_id": "VCID-euf4-86tg-buex", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.118", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15911", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22346", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22324", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22338", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22331", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22281", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22476", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22264", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22431", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22402", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22422", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22381", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12653" }, { "reference_url": "https://hackerone.com/reports/3370245", "reference_id": "3370245", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:33Z/" } ], "url": "https://hackerone.com/reports/3370245" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579372", "reference_id": "579372", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:33Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579372" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/", "reference_id": "patch-release-gitlab-18-6-1-released", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:33Z/" } ], "url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-12653" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-euf4-86tg-buex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/264329?format=api", "vulnerability_id": "VCID-eukj-31bc-gygf", "summary": "An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32846", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33071", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33049", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3301", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32864", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33152", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33185", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33015", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33059", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3309", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33092", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33054", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3303", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3115" }, { "reference_url": "https://hackerone.com/reports/2417868", "reference_id": "2417868", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T18:33:42Z/" } ], "url": "https://hackerone.com/reports/2417868" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/452548", "reference_id": "452548", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T18:33:42Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/452548" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-3115" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eukj-31bc-gygf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/198590?format=api", "vulnerability_id": "VCID-ezke-u972-xuc1", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24916", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24995", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.25036", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24877", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24922", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24937", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24898", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24844", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24855", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24849", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24826", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.2477", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24759", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-18456" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezke-u972-xuc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350991?format=api", "vulnerability_id": "VCID-ezuk-qknb-tucz", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1516", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05048", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05028", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.0501", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04991", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1359", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13607", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13617", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13536", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13533", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1516" }, { "reference_url": "https://hackerone.com/reports/3514461", "reference_id": "3514461", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:42:16Z/" } ], "url": "https://hackerone.com/reports/3514461" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/587893", "reference_id": "587893", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:42:16Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/587893" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "reference_id": "patch-release-gitlab-18-10-3-released", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:42:16Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1516" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezuk-qknb-tucz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144962?format=api", "vulnerability_id": "VCID-f143-jv24-qqa8", "summary": "GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20963", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21117", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21172", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20886", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20966", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21027", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21042", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20998", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20945", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20934", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20915", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20785", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20781", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4580" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2013-4580" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f143-jv24-qqa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/298803?format=api", "vulnerability_id": "VCID-f5yv-akwg-cbe2", "summary": "A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3914", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12741", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12649", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12761", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12779", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12922", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12804", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12855", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12821", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12738", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12641", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3914" }, { "reference_url": "https://hackerone.com/reports/2040822", "reference_id": "2040822", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:49:27Z/" } ], "url": "https://hackerone.com/reports/2040822" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418115", "reference_id": "418115", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:49:27Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418115" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3914" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5yv-akwg-cbe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233656?format=api", "vulnerability_id": "VCID-f72v-rymq-6qer", "summary": "GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16149", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16332", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16393", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16277", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16341", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16323", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16284", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16153", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1617", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16208", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16098", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16095", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7972" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-7972" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f72v-rymq-6qer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/279109?format=api", "vulnerability_id": "VCID-fjaw-huga-rfft", "summary": "Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63539", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.6352", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63507", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63525", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.6345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63476", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63493", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.6351", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63527", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63512", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63477", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63513", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3291" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/354299", "reference_id": "354299", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:42:20Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/354299" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.json", "reference_id": "CVE-2022-3291.json", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:42:20Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-3291" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjaw-huga-rfft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196577?format=api", "vulnerability_id": "VCID-fkdm-5xnv-9qdk", "summary": "An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15590", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29227", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29301", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2935", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29267", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29174", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29201", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29177", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29128", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29008", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28897", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15590" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-15590" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fkdm-5xnv-9qdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/309829?format=api", "vulnerability_id": "VCID-fmf9-nugf-ubg3", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01543", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01545", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01442", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01445", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01451", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01456", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01458", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01453", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01447", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01436", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0145", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01538", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11340" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/567847", "reference_id": "567847", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-09T13:42:36Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/567847" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/", "reference_id": "patch-release-gitlab-18-4-2-released", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-09T13:42:36Z/" } ], "url": "https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-11340" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmf9-nugf-ubg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/348797?format=api", "vulnerability_id": "VCID-fmwb-v7jb-4uh9", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02763", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02752", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02863", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02857", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02777", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02784", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02808", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02779", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0276", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02756", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04021", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4363" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/578561", "reference_id": "578561", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:57:30Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/578561" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/", "reference_id": "patch-release-gitlab-18-10-1-released", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:57:30Z/" } ], "url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-4363" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmwb-v7jb-4uh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/198984?format=api", "vulnerability_id": "VCID-fp39-354q-43ga", "summary": "Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14357", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14512", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1432", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14402", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14369", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14203", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14201", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14273", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14299", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14276", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19086" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19086" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fp39-354q-43ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/319719?format=api", "vulnerability_id": "VCID-ftgc-s9ka-gkek", "summary": "Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2045", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09045", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09192", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09248", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09201", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09065", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11905", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11866", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11839", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11894", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11971", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11759", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11842", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11924", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2045" }, { "reference_url": "https://hackerone.com/reports/2921111", "reference_id": "2921111", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T16:07:06Z/" } ], "url": "https://hackerone.com/reports/2921111" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/512050", "reference_id": "512050", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T16:07:06Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/512050" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-2045" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftgc-s9ka-gkek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350992?format=api", "vulnerability_id": "VCID-fx2p-77ja-v3ex", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01092", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01101", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01095", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01096", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01089", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01088", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01118", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01581", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1752" }, { "reference_url": "https://hackerone.com/reports/3533545", "reference_id": "3533545", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:58:34Z/" } ], "url": "https://hackerone.com/reports/3533545" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/588413", "reference_id": "588413", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:58:34Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/588413" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "reference_id": "patch-release-gitlab-18-10-3-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:58:34Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1752" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fx2p-77ja-v3ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/313128?format=api", "vulnerability_id": "VCID-fxwa-n6xh-syg7", "summary": "An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1042", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0779", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07714", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07866", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07823", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07827", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07784", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07852", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07839", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07825", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0774", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1042" }, { "reference_url": "https://hackerone.com/reports/2886976", "reference_id": "2886976", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T15:12:21Z/" } ], "url": "https://hackerone.com/reports/2886976" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/50849943", "reference_id": "50849943", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T15:12:21Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/50849943" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-1042" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxwa-n6xh-syg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/222462?format=api", "vulnerability_id": "VCID-fzcz-yzq3-kfbc", "summary": "An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0581", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05774", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05563", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.056", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05597", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05635", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05661", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05633", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05624", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05618", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0557", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05584", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4597" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438686", "reference_id": "438686", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:33:41Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438686" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-4597" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fzcz-yzq3-kfbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265562?format=api", "vulnerability_id": "VCID-g66c-1xkw-syhr", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64493", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64575", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64581", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64597", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64614", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64602", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64573", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64608", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.6462", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64606", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64625", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64639", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1783" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-1783" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g66c-1xkw-syhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/190353?format=api", "vulnerability_id": "VCID-g81j-6bnt-dfcg", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39354", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39662", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39633", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3955", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3937", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39668", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39585", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3964", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39654", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39663", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39627", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39611", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8640" }, { "reference_url": "https://hackerone.com/reports/2687770", "reference_id": "2687770", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:29:55Z/" } ], "url": "https://hackerone.com/reports/2687770" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/486213", "reference_id": "486213", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:29:55Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/486213" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-8640" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g81j-6bnt-dfcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240467?format=api", "vulnerability_id": "VCID-gcjp-uj87-27au", "summary": "An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33932", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34271", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34167", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.3421", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34239", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34198", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34174", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34207", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34195", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34158", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33786", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33763", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22182" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcjp-uj87-27au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199669?format=api", "vulnerability_id": "VCID-gfq6-n338-nudk", "summary": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16339", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16391", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16411", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16449", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16341", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16567", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16629", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16428", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16514", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16568", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16549", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1651", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16451", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5470" }, { "reference_url": "https://hackerone.com/reports/2521480", "reference_id": "2521480", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-11T15:07:35Z/" } ], "url": "https://hackerone.com/reports/2521480" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/464312", "reference_id": "464312", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-11T15:07:35Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/464312" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-5470" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfq6-n338-nudk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/193721?format=api", "vulnerability_id": "VCID-gn5e-xkpz-u3d4", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04482", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04467", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04402", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04429", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0444", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04474", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0449", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05297", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05071", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05221", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05255", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12303" }, { "reference_url": "https://hackerone.com/reports/2861889", "reference_id": "2861889", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T19:59:48Z/" } ], "url": "https://hackerone.com/reports/2861889" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508298", "reference_id": "508298", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T19:59:48Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508298" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-12303" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gn5e-xkpz-u3d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216122?format=api", "vulnerability_id": "VCID-gp7a-67bq-huey", "summary": "Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13262", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43322", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43383", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43411", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43349", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43399", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43414", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43433", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43401", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43386", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43445", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43434", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43368", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43299", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43301", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13262" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13262" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gp7a-67bq-huey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169017?format=api", "vulnerability_id": "VCID-gsjb-8dh6-kbdc", "summary": "GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.", "references": [ { "reference_url": "https://about.gitlab.com/2017/07/22/gitlab-9-4-released/#security---add-ldap-ssl-certificate-verification", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2017/07/22/gitlab-9-4-released/#security---add-ldap-ssl-certificate-verification" }, { "reference_url": "https://about.gitlab.com/2017/07/28/gitlab-9-dot-4-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2017/07/28/gitlab-9-dot-4-dot-2-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24929", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2494", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25104", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25184", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24996", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25064", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25109", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25083", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25029", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25039", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25031", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25003", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17716" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/30420", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/30420" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:9.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:9.4.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:9.4.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:9.4.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:9.4.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:9.4.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:9.4.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:9.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:9.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17716", "reference_id": "CVE-2017-17716", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17716" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2017-17716" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsjb-8dh6-kbdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/298241?format=api", "vulnerability_id": "VCID-gtke-br25-4fcn", "summary": "An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11178", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11159", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11282", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11221", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11366", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11422", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11214", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11295", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11349", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11356", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11322", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11157", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3115" }, { "reference_url": "https://hackerone.com/reports/2004158", "reference_id": "2004158", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:12:41Z/" } ], "url": "https://hackerone.com/reports/2004158" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/414367", "reference_id": "414367", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:12:41Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/414367" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3115" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gtke-br25-4fcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213873?format=api", "vulnerability_id": "VCID-h1y2-hbx2-63gb", "summary": "GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37004", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37036", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37252", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37417", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37442", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3727", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37321", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37345", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37311", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3733", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37313", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37259", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10535" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10535", "reference_id": "CVE-2020-10535", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10535" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10535" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h1y2-hbx2-63gb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310252?format=api", "vulnerability_id": "VCID-h59w-6g9r-8uep", "summary": "An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02775", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02663", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02671", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02785", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02986", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02953", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02962", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04194", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06155", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06092", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06075", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06116", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06064", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11865" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/561399", "reference_id": "561399", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:12:00Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/561399" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/", "reference_id": "patch-release-gitlab-18-5-2-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:12:00Z/" } ], "url": "https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-11865" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h59w-6g9r-8uep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343259?format=api", "vulnerability_id": "VCID-hht6-1bs9-37d5", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14711", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14619", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14681", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14712", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14822", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14702", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14792", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14852", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1481", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14773", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14716", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1461", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1725" }, { "reference_url": "https://hackerone.com/reports/3519773", "reference_id": "3519773", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:42:17Z/" } ], "url": "https://hackerone.com/reports/3519773" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/588338", "reference_id": "588338", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:42:17Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/588338" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/", "reference_id": "patch-release-gitlab-18-9-1-released", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:42:17Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1725" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hht6-1bs9-37d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216240?format=api", "vulnerability_id": "VCID-hkue-hmp7-ckhn", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13349", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37666", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37848", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37873", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37751", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37802", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37814", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37829", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37793", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37816", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37797", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37736", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37498", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37476", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13349" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13349" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkue-hmp7-ckhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/220907?format=api", "vulnerability_id": "VCID-hmtm-rq4z-w7gp", "summary": "An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27499", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27659", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27607", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27867", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27908", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.277", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27767", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27809", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27815", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27774", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27716", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27724", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27698", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7110" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/472603", "reference_id": "472603", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-22T17:32:38Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/472603" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-7110" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmtm-rq4z-w7gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205558?format=api", "vulnerability_id": "VCID-hnxc-wv6f-bbb4", "summary": "An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47615", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47653", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47674", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47624", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47679", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47675", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47698", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47683", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.4774", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47732", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47685", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47666", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5472" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-5472" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnxc-wv6f-bbb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/232623?format=api", "vulnerability_id": "VCID-hs1h-p7zh-kqhr", "summary": "An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44673", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44824", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44817", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44747", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44666", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44769", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.4479", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44728", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44782", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44784", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44771", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9164" }, { "reference_url": "https://hackerone.com/reports/2711204", "reference_id": "2711204", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-11T13:42:31Z/" } ], "url": "https://hackerone.com/reports/2711204" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/493946", "reference_id": "493946", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-11T13:42:31Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/493946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-9164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs1h-p7zh-kqhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196725?format=api", "vulnerability_id": "VCID-hs2j-8gma-xbec", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.", "references": [ { "reference_url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15731", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47381", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47373", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47319", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47376", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.4738", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47377", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47383", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47442", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47435", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47386", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15731" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60465" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15731", "reference_id": "CVE-2019-15731", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15731" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-15731" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs2j-8gma-xbec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196715?format=api", "vulnerability_id": "VCID-hu7q-pzj6-t7c9", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.", "references": [ { "reference_url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29819", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29935", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30148", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30186", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30234", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30054", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30114", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3015", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30074", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30052", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30006", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15724" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60888", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60888" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15724", "reference_id": "CVE-2019-15724", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15724" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-15724" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hu7q-pzj6-t7c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/223598?format=api", "vulnerability_id": "VCID-hx4t-s3dj-xuc5", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18948", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19053", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19065", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19073", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18963", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19287", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1934", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19055", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19135", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19188", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19195", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19149", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19094", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4660" }, { "reference_url": "https://hackerone.com/reports/2480126", "reference_id": "2480126", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:22:54Z/" } ], "url": "https://hackerone.com/reports/2480126" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/460892", "reference_id": "460892", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:22:54Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/460892" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-4660" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hx4t-s3dj-xuc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/347308?format=api", "vulnerability_id": "VCID-j2jr-e1am-tfed", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19971", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19796", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19768", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19771", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19783", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19678", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20029", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19756", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19836", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19853", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22024", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2995" }, { "reference_url": "https://hackerone.com/reports/3564600", "reference_id": "3564600", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:35Z/" } ], "url": "https://hackerone.com/reports/3564600" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/591065", "reference_id": "591065", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:35Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/591065" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/", "reference_id": "patch-release-gitlab-18-10-1-released", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T03:55:35Z/" } ], "url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-2995" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2jr-e1am-tfed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180210?format=api", "vulnerability_id": "VCID-j3h8-a8dz-nbc3", "summary": "An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98057", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98034", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.9804", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98042", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98048", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98049", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98054", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98061", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98062", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.54969", "scoring_system": "epss", "scoring_elements": "0.98058", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18649" }, { "reference_url": "https://security.archlinux.org/ASA-201810-16", "reference_id": "ASA-201810-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-16" }, { "reference_url": "https://security.archlinux.org/AVG-794", "reference_id": "AVG-794", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-794" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-18649" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j3h8-a8dz-nbc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216158?format=api", "vulnerability_id": "VCID-j9jf-mxby-fyad", "summary": "In GitLab before 13.2.3, project sharing could temporarily allow too permissive access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27082", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27122", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27159", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2695", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27019", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27064", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27067", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27023", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26966", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26975", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26915", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26867", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2686", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13291" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13291" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j9jf-mxby-fyad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/285343?format=api", "vulnerability_id": "VCID-jdp6-cnqf-rqge", "summary": "Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.5651", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56554", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56585", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56586", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56556", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56491", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56582", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56587", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56597", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57731", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57709", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1167" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/392715", "reference_id": "392715", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:52:39Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/392715" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1167.json", "reference_id": "CVE-2023-1167.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:52:39Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1167.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-1167" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdp6-cnqf-rqge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179023?format=api", "vulnerability_id": "VCID-jkdc-htqh-yfg2", "summary": "An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27113", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27154", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27191", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26983", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27052", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27097", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.271", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27056", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27009", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26947", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26898", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26891", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16048" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-16048" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkdc-htqh-yfg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/279110?format=api", "vulnerability_id": "VCID-jpd6-w5ks-tbhs", "summary": "Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26512", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26615", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26577", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26519", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26792", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26832", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26616", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26684", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26738", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26637", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26644", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3293" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/369008", "reference_id": "369008", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:39:21Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/369008" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json", "reference_id": "CVE-2022-3293.json", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:39:21Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-3293" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jpd6-w5ks-tbhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206899?format=api", "vulnerability_id": "VCID-jqfm-2td2-5uhn", "summary": "An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34136", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34475", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34502", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.3437", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34412", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34441", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34444", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34405", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34381", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34415", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34402", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34361", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.33989", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.3397", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7353" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-7353" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqfm-2td2-5uhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/264225?format=api", "vulnerability_id": "VCID-jtrx-66ft-qug2", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06419", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06261", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06232", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06381", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06395", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0622", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06201", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06244", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06285", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06276", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06272", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3127" }, { "reference_url": "https://hackerone.com/reports/2395169", "reference_id": "2395169", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T16:35:21Z/" } ], "url": "https://hackerone.com/reports/2395169" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/452640", "reference_id": "452640", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T16:35:21Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/452640" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-3127" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtrx-66ft-qug2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343258?format=api", "vulnerability_id": "VCID-jveu-pq8w-eyc1", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06903", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06759", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06767", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0676", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06745", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06796", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06839", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06826", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06832", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06887", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0721", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07579", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1724" }, { "reference_url": "https://hackerone.com/reports/3531412", "reference_id": "3531412", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:59:08Z/" } ], "url": "https://hackerone.com/reports/3531412" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/588334", "reference_id": "588334", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:59:08Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/588334" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/", "reference_id": "patch-release-gitlab-18-10-1-released", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:59:08Z/" } ], "url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1724" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jveu-pq8w-eyc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/298233?format=api", "vulnerability_id": "VCID-jxdj-djgu-f3f5", "summary": "A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3102", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58846", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58868", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58836", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58889", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58895", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58912", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58875", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64338", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64328", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64348", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64361", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64327", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3102" }, { "reference_url": "https://hackerone.com/reports/2012073", "reference_id": "2012073", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:25:32Z/" } ], "url": "https://hackerone.com/reports/2012073" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/414269", "reference_id": "414269", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:25:32Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/414269" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3102" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jxdj-djgu-f3f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/312353?format=api", "vulnerability_id": "VCID-jzgz-q5qu-z3g5", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03205", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03231", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03185", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03158", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03143", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03123", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03199", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03201", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0357", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03583", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03577", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14592" }, { "reference_url": "https://hackerone.com/reports/3451435", "reference_id": "3451435", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:57Z/" } ], "url": "https://hackerone.com/reports/3451435" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/583961", "reference_id": "583961", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:57Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/583961" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:17:57Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-14592" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzgz-q5qu-z3g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/198986?format=api", "vulnerability_id": "VCID-k1s1-es3u-h7dw", "summary": "Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14357", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14512", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1432", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14402", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14369", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14203", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14201", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14273", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14299", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14276", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19087" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19087" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1s1-es3u-h7dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205562?format=api", "vulnerability_id": "VCID-kag4-sj3m-w7fe", "summary": "An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37829", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37854", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37732", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37783", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37796", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.3781", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37775", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.3775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37798", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37778", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37718", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.3748", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37458", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5474" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-5474" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kag4-sj3m-w7fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/338962?format=api", "vulnerability_id": "VCID-kaqy-p6z3-zub9", "summary": "An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05754", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05713", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05959", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05923", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05888", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.059", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06051", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06073", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05882", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05921", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0594", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05931", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06578", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6168" }, { "reference_url": "https://hackerone.com/reports/3196745", "reference_id": "3196745", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:08:04Z/" } ], "url": "https://hackerone.com/reports/3196745" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549725", "reference_id": "549725", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:08:04Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549725" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-6168" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kaqy-p6z3-zub9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240513?format=api", "vulnerability_id": "VCID-kbpk-h81g-g7dr", "summary": "An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42308", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42371", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42442", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.4241", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42461", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.4249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42453", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42423", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42472", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42447", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42376", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42312", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22215" }, { "reference_url": "https://security.archlinux.org/AVG-2045", "reference_id": "AVG-2045", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2045" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22215" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbpk-h81g-g7dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/313288?format=api", "vulnerability_id": "VCID-kdta-5zc6-zyf1", "summary": "An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22834", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22671", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23452", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23416", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23378", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23325", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23342", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23336", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2349", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23274", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23347", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23397", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30366", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1257" }, { "reference_url": "https://hackerone.com/reports/2984218", "reference_id": "2984218", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:44:00Z/" } ], "url": "https://hackerone.com/reports/2984218" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/519348", "reference_id": "519348", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:44:00Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/519348" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-1257" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kdta-5zc6-zyf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/311725?format=api", "vulnerability_id": "VCID-kfs2-muqh-wqba", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0106", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0099", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01056", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01057", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01002", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01004", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01011", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01016", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.00995", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.00996", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13781" }, { "reference_url": "https://hackerone.com/reports/3400940", "reference_id": "3400940", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:12:40Z/" } ], "url": "https://hackerone.com/reports/3400940" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/578756", "reference_id": "578756", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:12:40Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/578756" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/", "reference_id": "patch-release-gitlab-18-7-1-released", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:12:40Z/" } ], "url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-13781" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kfs2-muqh-wqba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196726?format=api", "vulnerability_id": "VCID-kh8b-dvkw-g3es", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.", "references": [ { "reference_url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15732", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.4989", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49883", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.4986", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49839", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49894", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49887", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49905", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49877", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49879", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49924", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49925", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49897", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15732" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/57015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/57015" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15732", "reference_id": "CVE-2019-15732", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15732" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-15732" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kh8b-dvkw-g3es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/220933?format=api", "vulnerability_id": "VCID-knfs-y7wa-g7dh", "summary": "An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03907", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03918", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05661", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.057", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05693", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05733", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05737", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0573", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05679", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05724", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0569", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06382", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7296" }, { "reference_url": "https://hackerone.com/reports/2602274", "reference_id": "2602274", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:43:26Z/" } ], "url": "https://hackerone.com/reports/2602274" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/475056", "reference_id": "475056", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:43:26Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/475056" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-7296" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knfs-y7wa-g7dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/283908?format=api", "vulnerability_id": "VCID-kqzh-fr6z-33bs", "summary": "An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33166", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33371", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33339", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33183", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33469", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33501", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33342", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33387", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33421", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33425", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33384", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33361", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33395", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4255" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/373819", "reference_id": "373819", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:16:57Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/373819" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json", "reference_id": "CVE-2022-4255.json", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:16:57Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-4255" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kqzh-fr6z-33bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/254843?format=api", "vulnerability_id": "VCID-kr4u-4ydq-ckh5", "summary": "An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02373", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02358", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02377", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02388", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02385", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02389", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02409", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02386", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02374", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04953", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04877", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04914", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04733", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11669" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/501528", "reference_id": "501528", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-26T20:01:16Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/501528" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-11669" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kr4u-4ydq-ckh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180779?format=api", "vulnerability_id": "VCID-kss4-sva8-uffa", "summary": "GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28003", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28075", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28117", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27912", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27979", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2802", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2798", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27921", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27932", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27914", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27872", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27787", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27675", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19582" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-19582" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kss4-sva8-uffa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146362?format=api", "vulnerability_id": "VCID-kuqh-mbt8-qye9", "summary": "Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79717", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79724", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79746", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79731", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.7976", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79767", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79788", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79772", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79793", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79794", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79798", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79827", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.79834", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7316" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30329.sh", "reference_id": "CVE-2013-7316;OSVDB-102473", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30329.sh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2013-7316" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kuqh-mbt8-qye9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/188138?format=api", "vulnerability_id": "VCID-kv3d-2k6f-z3db", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02943", "scoring_system": "epss", "scoring_elements": "0.86403", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02943", "scoring_system": "epss", "scoring_elements": "0.86386", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03053", "scoring_system": "epss", "scoring_elements": "0.86731", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03053", "scoring_system": "epss", "scoring_elements": "0.86739", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03053", "scoring_system": "epss", "scoring_elements": "0.86714", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03053", "scoring_system": "epss", "scoring_elements": "0.8672", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03944", "scoring_system": "epss", "scoring_elements": "0.88318", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03944", "scoring_system": "epss", "scoring_elements": "0.88338", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03944", "scoring_system": "epss", "scoring_elements": "0.88344", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03944", "scoring_system": "epss", "scoring_elements": "0.88355", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03944", "scoring_system": "epss", "scoring_elements": "0.88346", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8180" }, { "reference_url": "https://hackerone.com/reports/2654010", "reference_id": "2654010", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:53:46Z/" } ], "url": "https://hackerone.com/reports/2654010" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/480720", "reference_id": "480720", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:53:46Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/480720" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#html-injection-in-vulnerability-code-flow-could-lead-to-xss-on-self-hosted-instances", "reference_id": "#html-injection-in-vulnerability-code-flow-could-lead-to-xss-on-self-hosted-instances", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:53:46Z/" } ], "url": "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#html-injection-in-vulnerability-code-flow-could-lead-to-xss-on-self-hosted-instances" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-8180" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kv3d-2k6f-z3db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/232654?format=api", "vulnerability_id": "VCID-kvfv-7g9n-ybhb", "summary": "An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1908", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19267", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18983", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19062", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19116", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19075", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19023", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18979", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18991", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18997", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18889", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18871", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6833" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-6833" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvfv-7g9n-ybhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180781?format=api", "vulnerability_id": "VCID-m27b-sk6s-pbdv", "summary": "GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19584", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41907", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41969", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41997", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41973", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41985", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42007", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41955", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42004", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41977", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41846", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41839", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19584" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-19584" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m27b-sk6s-pbdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/298491?format=api", "vulnerability_id": "VCID-m2ug-suua-jqbn", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29033", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28907", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28948", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28952", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28909", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28859", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32999", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32962", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32816", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32703", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33022", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3484" }, { "reference_url": "https://hackerone.com/reports/2035687", "reference_id": "2035687", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-24T18:14:49Z/" } ], "url": "https://hackerone.com/reports/2035687" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416773", "reference_id": "416773", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-24T18:14:49Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416773" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3484" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ug-suua-jqbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/263301?format=api", "vulnerability_id": "VCID-m5dj-vp9f-9kgu", "summary": "An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11728", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11686", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11685", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1177", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11907", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11953", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11741", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11824", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11887", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11849", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11821", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2743" }, { "reference_url": "https://hackerone.com/reports/2411756", "reference_id": "2411756", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:21:58Z/" } ], "url": "https://hackerone.com/reports/2411756" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451014", "reference_id": "451014", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:21:58Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451014" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-2743" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5dj-vp9f-9kgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199128?format=api", "vulnerability_id": "VCID-m65e-u5fc-2qch", "summary": "GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22526", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22698", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22743", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22639", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22598", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22544", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22393", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22382", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19256" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19256" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m65e-u5fc-2qch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/214332?format=api", "vulnerability_id": "VCID-m6xk-sttj-tfh3", "summary": "In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/" }, { "reference_url": "https://about.gitlab.com/releases/categories/releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/categories/releases/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27873", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28085", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28158", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28201", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27996", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28063", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28106", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28113", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.2807", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28013", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28021", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28005", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27956", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10953" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10953", "reference_id": "CVE-2020-10953", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10953" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10953" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6xk-sttj-tfh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194317?format=api", "vulnerability_id": "VCID-m7xu-jxu6-nbh4", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2).", "references": [ { "reference_url": "https://about.gitlab.com/blog/categories/releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/blog/categories/releases/" }, { "reference_url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36291", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36321", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36516", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36688", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36558", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36628", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36635", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36601", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36577", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36623", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36606", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36545", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13004" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13004", "reference_id": "CVE-2019-13004", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-13004" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7xu-jxu6-nbh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/292158?format=api", "vulnerability_id": "VCID-mjvv-ykfw-m3h8", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60778", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60787", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60792", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60765", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60694", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60723", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60689", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60737", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60753", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60777", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60764", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60745", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2182" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/403012", "reference_id": "403012", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:50:39Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/403012" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2182.json", "reference_id": "CVE-2023-2182.json", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:50:39Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2182.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-2182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjvv-ykfw-m3h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/190384?format=api", "vulnerability_id": "VCID-mrh6-g3dm-wygr", "summary": "An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1372", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13732", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25175", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25216", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25055", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.251", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25114", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25074", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25028", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25019", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2502", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25593", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8402" }, { "reference_url": "https://hackerone.com/reports/2601569", "reference_id": "2601569", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-13T19:38:50Z/" } ], "url": "https://hackerone.com/reports/2601569" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/482813", "reference_id": "482813", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-13T19:38:50Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/482813" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-8402" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mrh6-g3dm-wygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/298823?format=api", "vulnerability_id": "VCID-murb-w75s-fuc7", "summary": "An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14171", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14162", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14195", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14338", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14403", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14209", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14292", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14253", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14198", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14088", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3950" }, { "reference_url": "https://hackerone.com/reports/2079154", "reference_id": "2079154", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:26:30Z/" } ], "url": "https://hackerone.com/reports/2079154" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419675", "reference_id": "419675", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T13:26:30Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419675" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3950" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-murb-w75s-fuc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310422?format=api", "vulnerability_id": "VCID-mv6y-2tud-8fd3", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01966", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01979", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0198", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01996", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01964", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0196", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0194", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01942", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05226", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05185", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05157", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12073" }, { "reference_url": "https://hackerone.com/reports/3314987", "reference_id": "3314987", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:41Z/" } ], "url": "https://hackerone.com/reports/3314987" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/578091", "reference_id": "578091", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:41Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/578091" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:41Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-12073" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mv6y-2tud-8fd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180356?format=api", "vulnerability_id": "VCID-mwwz-cchk-xqef", "summary": "The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48395", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4833", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48365", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48386", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48338", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48393", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48387", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48411", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48385", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48397", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48448", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48443", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48383", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18843" }, { "reference_url": "https://security.archlinux.org/AVG-802", "reference_id": "AVG-802", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-18843" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwwz-cchk-xqef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343279?format=api", "vulnerability_id": "VCID-mxr8-bvf9-3bgk", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01877", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01807", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01888", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01881", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01827", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01838", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0184", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01844", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01858", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01845", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0183", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01825", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01809", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1747" }, { "reference_url": "https://hackerone.com/reports/3533088", "reference_id": "3533088", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:38:24Z/" } ], "url": "https://hackerone.com/reports/3533088" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/588385", "reference_id": "588385", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:38:24Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/588385" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/", "reference_id": "patch-release-gitlab-18-9-1-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:38:24Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1747" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxr8-bvf9-3bgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240472?format=api", "vulnerability_id": "VCID-mxwg-91tm-p3ha", "summary": "Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.37979", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38161", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38298", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38321", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.3819", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.3824", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38248", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38267", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38231", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38207", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38254", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38234", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38166", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38002", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22185" }, { "reference_url": "https://security.archlinux.org/AVG-1648", "reference_id": "AVG-1648", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1648" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22185" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxwg-91tm-p3ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213400?format=api", "vulnerability_id": "VCID-n9ub-7759-k3av", "summary": "GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.2752", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27627", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27836", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27887", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27928", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27721", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27789", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27831", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27795", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27738", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27744", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27719", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27679", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10075" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10075", "reference_id": "CVE-2020-10075", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10075" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10075" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9ub-7759-k3av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/224017?format=api", "vulnerability_id": "VCID-nahr-4ht9-eqc4", "summary": "Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50338", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50393", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50423", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50375", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50429", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50422", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50463", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.5044", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50468", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50472", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50449", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50394", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50404", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-26406" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nahr-4ht9-eqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/223578?format=api", "vulnerability_id": "VCID-nd6x-k1j2-hbg7", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22422", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2264", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22636", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22588", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22433", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2274", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22784", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22574", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2265", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22701", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2272", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22681", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22623", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4099" }, { "reference_url": "https://hackerone.com/reports/2459597", "reference_id": "2459597", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:48:40Z/" } ], "url": "https://hackerone.com/reports/2459597" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/457798", "reference_id": "457798", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:48:40Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/457798" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-4099" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nd6x-k1j2-hbg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180205?format=api", "vulnerability_id": "VCID-nm3h-6p78-skgt", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18644", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29589", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29915", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29958", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.30006", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29818", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29881", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29916", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29922", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29876", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29827", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29845", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29778", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29702", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18644" }, { "reference_url": "https://security.archlinux.org/AVG-802", "reference_id": "AVG-802", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-18644" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nm3h-6p78-skgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/234801?format=api", "vulnerability_id": "VCID-ny29-g19v-2ydm", "summary": "A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02462", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02802", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03685", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04137", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03985", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03968", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0398", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04105", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04119", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08633", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08581", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10925" }, { "reference_url": "https://hackerone.com/reports/2818270", "reference_id": "2818270", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T12:03:27Z/" } ], "url": "https://hackerone.com/reports/2818270" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/502857", "reference_id": "502857", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T12:03:27Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/502857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-10925" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ny29-g19v-2ydm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213415?format=api", "vulnerability_id": "VCID-nz87-cedm-f7gb", "summary": "GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16525", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16536", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16617", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1679", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16847", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16716", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1677", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1675", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16707", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16651", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16588", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16596", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16635", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10083" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10083", "reference_id": "CVE-2020-10083", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10083" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10083" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nz87-cedm-f7gb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240566?format=api", "vulnerability_id": "VCID-p14q-utts-57fn", "summary": "A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22252", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50053", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50088", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50115", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50065", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50119", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50113", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.5013", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50103", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.501", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50145", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50117", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50104", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50109", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22252" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22252" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p14q-utts-57fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206593?format=api", "vulnerability_id": "VCID-p16v-az7h-hfcv", "summary": "An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups.", "references": [ { "reference_url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26748", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26756", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26986", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27064", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26854", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26923", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2697", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26974", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26871", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26882", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26853", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26814", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6996" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/8187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/8187" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6996", "reference_id": "CVE-2019-6996", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6996" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-6996" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p16v-az7h-hfcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213396?format=api", "vulnerability_id": "VCID-p1mg-gxy6-huhs", "summary": "GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28566", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28678", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28889", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28964", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29014", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2882", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28888", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28929", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28933", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2889", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2884", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28861", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28838", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28789", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10073" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10073", "reference_id": "CVE-2020-10073", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10073" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10073" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1mg-gxy6-huhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340476?format=api", "vulnerability_id": "VCID-p8tn-npna-z3dk", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by authenticating through OAuth providers.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0134", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01443", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01434", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01355", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01493", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01486", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02189", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06272", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06248", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06228", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06313", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7736" }, { "reference_url": "https://hackerone.com/reports/3250156", "reference_id": "3250156", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:13:09Z/" } ], "url": "https://hackerone.com/reports/3250156" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/556098", "reference_id": "556098", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:13:09Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/556098" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/", "reference_id": "patch-release-gitlab-18-5-2-released", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T20:13:09Z/" } ], "url": "https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-7736" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p8tn-npna-z3dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/342806?format=api", "vulnerability_id": "VCID-pqxu-xqtk-9qg3", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03341", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03367", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03388", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03318", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03297", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03273", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03353", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04616", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04692", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04658", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1080" }, { "reference_url": "https://hackerone.com/reports/3484568", "reference_id": "3484568", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:35:19Z/" } ], "url": "https://hackerone.com/reports/3484568" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/586477", "reference_id": "586477", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:35:19Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/586477" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:35:19Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1080" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqxu-xqtk-9qg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/198987?format=api", "vulnerability_id": "VCID-psuk-hqte-gfb1", "summary": "Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28076", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28148", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28192", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28055", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28097", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28105", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28062", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28004", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28012", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27995", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27946", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27863", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27751", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19088" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19088" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psuk-hqte-gfb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/304618?format=api", "vulnerability_id": "VCID-ptmj-qh5m-9qhy", "summary": "An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4700", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00422", "published_at": "2026-04-26T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00394", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0042", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00421", "published_at": "2026-04-24T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00411", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0041", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00403", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.004", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00398", "published_at": "2026-04-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00396", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0039", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4700" }, { "reference_url": "https://hackerone.com/reports/2129826", "reference_id": "2129826", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:01:29Z/" } ], "url": "https://hackerone.com/reports/2129826" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421937", "reference_id": "421937", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:01:29Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421937" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-4700" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptmj-qh5m-9qhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273253?format=api", "vulnerability_id": "VCID-pugs-22tq-pqhm", "summary": "Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54128", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54158", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54134", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54186", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54183", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54233", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54215", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54194", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54232", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54218", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54197", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2235" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-2235" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pugs-22tq-pqhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265649?format=api", "vulnerability_id": "VCID-pusc-mrtk-vygq", "summary": "A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38856", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38989", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.39008", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38939", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38992", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.39006", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.39019", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38955", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.39003", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38983", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38899", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38736", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38713", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1940" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-1940" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pusc-mrtk-vygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310351?format=api", "vulnerability_id": "VCID-pya3-sxre-quff", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01234", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01142", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01154", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01223", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01227", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01163", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01169", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0117", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01156", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0115", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01153", "published_at": "2026-04-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00844", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11989" }, { "reference_url": "https://gitlab.com/gitlab-org/security/gitlab/-/issues/1426", "reference_id": "1426", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:44:38Z/" } ], "url": "https://gitlab.com/gitlab-org/security/gitlab/-/issues/1426" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/", "reference_id": "patch-release-gitlab-18-5-1-released", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:44:38Z/" } ], "url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-11989" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pya3-sxre-quff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213417?format=api", "vulnerability_id": "VCID-q17s-vtzg-rycn", "summary": "GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22382", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22393", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22526", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22698", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22743", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22639", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22598", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22544", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10084" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10084", "reference_id": "CVE-2020-10084", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10084" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10084" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q17s-vtzg-rycn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256737?format=api", "vulnerability_id": "VCID-q8sm-1nrb-wfej", "summary": "A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44145", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44179", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44244", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44267", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.442", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44251", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44256", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44274", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44242", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44301", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44292", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44219", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44141", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39885" }, { "reference_url": "https://security.archlinux.org/AVG-2432", "reference_id": "AVG-2432", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-39885" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8sm-1nrb-wfej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/338982?format=api", "vulnerability_id": "VCID-qbnp-1usq-cfa1", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01099", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03388", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03375", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03352", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03329", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03341", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03459", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03401", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03418", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0342", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03403", "published_at": "2026-04-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01021", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6195" }, { "reference_url": "https://hackerone.com/reports/3155693", "reference_id": "3155693", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:39:47Z/" } ], "url": "https://hackerone.com/reports/3155693" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549937", "reference_id": "549937", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:39:47Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549937" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/", "reference_id": "patch-release-gitlab-18-6-1-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:39:47Z/" } ], "url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-6195" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbnp-1usq-cfa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240553?format=api", "vulnerability_id": "VCID-qj66-stms-tke2", "summary": "Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34706", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34914", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.3494", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34819", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34864", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34892", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34896", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34859", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34874", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34858", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34813", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34578", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34558", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22244" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22244" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qj66-stms-tke2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151925?format=api", "vulnerability_id": "VCID-qk1z-mhk6-ayew", "summary": "The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.", "references": [ { "reference_url": "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8540", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55064", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55128", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.54981", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55083", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55107", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55133", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55145", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55125", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55149", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8540" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98449" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/10/31/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/10/31/2" }, { "reference_url": "http://www.securityfocus.com/bid/70841", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/70841" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8540", "reference_id": "CVE-2014-8540", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8540" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2014-8540" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qk1z-mhk6-ayew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144939?format=api", "vulnerability_id": "VCID-qpzh-fahe-1fau", "summary": "The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97786", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97798", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97802", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97805", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97808", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.9781", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97811", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97817", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97819", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.49784", "scoring_system": "epss", "scoring_elements": "0.97816", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4490" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34362.rb", "reference_id": "CVE-2013-4490;OSVDB-99371", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34362.rb" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2013-4490" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpzh-fahe-1fau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329679?format=api", "vulnerability_id": "VCID-qsts-srv4-mkdj", "summary": "An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05754", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05713", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05959", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05923", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05888", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.059", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06051", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06073", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05882", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05921", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0594", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05931", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06578", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4972" }, { "reference_url": "https://hackerone.com/reports/3148693", "reference_id": "3148693", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:08:31Z/" } ], "url": "https://hackerone.com/reports/3148693" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/543816", "reference_id": "543816", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:08:31Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/543816" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-4972" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsts-srv4-mkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/304758?format=api", "vulnerability_id": "VCID-qy5e-vcfg-57hw", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19078", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1913", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18846", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18926", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18979", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18987", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18939", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18842", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18854", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18868", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18757", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18736", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4912" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-4912" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qy5e-vcfg-57hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310825?format=api", "vulnerability_id": "VCID-r44u-cfuq-tugj", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON payloads.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25812", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26459", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35845", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35872", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35831", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35808", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35847", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35834", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35785", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35794", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35867", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38685", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38661", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12571" }, { "reference_url": "https://hackerone.com/reports/3362239", "reference_id": "3362239", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:27Z/" } ], "url": "https://hackerone.com/reports/3362239" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579168", "reference_id": "579168", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:27Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579168" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/", "reference_id": "patch-release-gitlab-18-6-1-released", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T14:41:27Z/" } ], "url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-12571" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r44u-cfuq-tugj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/298800?format=api", "vulnerability_id": "VCID-r4xh-hudb-xqaa", "summary": "An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48813", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48843", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4886", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48834", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48892", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48888", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48848", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48838", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48793", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48847", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50741", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50733", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3906" }, { "reference_url": "https://hackerone.com/reports/2071411", "reference_id": "2071411", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T14:28:00Z/" } ], "url": "https://hackerone.com/reports/2071411" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419213", "reference_id": "419213", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T14:28:00Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419213" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3906" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4xh-hudb-xqaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/283806?format=api", "vulnerability_id": "VCID-r5g4-d645-vyb1", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89799", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89779", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89772", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89788", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89783", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89798", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89734", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89749", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.8975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89768", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89774", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05051", "scoring_system": "epss", "scoring_elements": "0.89781", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4092" }, { "reference_url": "https://hackerone.com/reports/1777934", "reference_id": "1777934", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T17:34:17Z/" } ], "url": "https://hackerone.com/reports/1777934" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/383208", "reference_id": "383208", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T17:34:17Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/383208" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json", "reference_id": "CVE-2022-4092.json", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T17:34:17Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-4092" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r5g4-d645-vyb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213404?format=api", "vulnerability_id": "VCID-r5t2-zc9j-1feq", "summary": "GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33209", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33226", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33372", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33509", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33542", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33382", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33427", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33461", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33465", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33399", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33436", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33411", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.3338", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10077" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10077", "reference_id": "CVE-2020-10077", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10077" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10077" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r5t2-zc9j-1feq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173892?format=api", "vulnerability_id": "VCID-r8w3-x3eq-pka3", "summary": "GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.", "references": [ { "reference_url": "https://about.gitlab.com/2017/02/15/gitlab-8-dot-16-dot-5-security-release/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2017/02/15/gitlab-8-dot-16-dot-5-security-release/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22253", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22266", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22399", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22566", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22396", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22477", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22532", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22455", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22471", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22468", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22418", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8778" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/27471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/27471" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.15.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.15.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.15.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.15.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.16.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.16.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.16.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.16.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:8.16.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:8.16.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8778", "reference_id": "CVE-2017-8778", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8778" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2017-8778" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r8w3-x3eq-pka3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144953?format=api", "vulnerability_id": "VCID-r9hj-3rtr-kkea", "summary": "The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44514", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4459", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44549", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44599", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44605", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44592", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44593", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44649", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44642", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44573", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44487", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4449", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4546" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2013-4546" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9hj-3rtr-kkea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240560?format=api", "vulnerability_id": "VCID-r9sh-n914-kfhc", "summary": "Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44501", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44577", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44535", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44585", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4459", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44606", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44578", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44627", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44557", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4447", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44474", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22248" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22248" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9sh-n914-kfhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/224198?format=api", "vulnerability_id": "VCID-rd3n-uts6-tkb5", "summary": "An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12492", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12399", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12403", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12518", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12526", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12666", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12479", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12557", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12608", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12535", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12496", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4278" }, { "reference_url": "https://hackerone.com/reports/2466205", "reference_id": "2466205", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:39:52Z/" } ], "url": "https://hackerone.com/reports/2466205" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458484", "reference_id": "458484", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:39:52Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458484" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-4278" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rd3n-uts6-tkb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265654?format=api", "vulnerability_id": "VCID-rf6c-3v98-qub2", "summary": "An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.79957", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.79965", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.79986", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.79975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80003", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80012", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80032", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80016", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80008", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80036", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80038", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80065", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.8007", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1948" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-1948" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rf6c-3v98-qub2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350987?format=api", "vulnerability_id": "VCID-rfzk-kkg4-eqhs", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01791", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01784", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01773", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02731", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02843", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02835", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02823", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02719", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9484" }, { "reference_url": "https://hackerone.com/reports/3303810", "reference_id": "3303810", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:03:07Z/" } ], "url": "https://hackerone.com/reports/3303810" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/565363", "reference_id": "565363", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:03:07Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/565363" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "reference_id": "patch-release-gitlab-18-10-3-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:03:07Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-9484" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfzk-kkg4-eqhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216138?format=api", "vulnerability_id": "VCID-rjdh-k6dk-5yc7", "summary": "A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41021", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41104", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41135", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41061", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.4111", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41118", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41138", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41087", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.4113", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41101", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41027", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40931", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40917", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13273" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13273" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rjdh-k6dk-5yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/188976?format=api", "vulnerability_id": "VCID-rk8u-a815-fyg9", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19387", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19485", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19494", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19505", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19396", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19717", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19766", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19491", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19569", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19622", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19626", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19578", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1952", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8977" }, { "reference_url": "https://hackerone.com/reports/2697456", "reference_id": "2697456", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T13:53:25Z/" } ], "url": "https://hackerone.com/reports/2697456" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/491060", "reference_id": "491060", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T13:53:25Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/491060" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-8977" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rk8u-a815-fyg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205560?format=api", "vulnerability_id": "VCID-rkvt-edq1-xqf6", "summary": "An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41091", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41096", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41185", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41277", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41306", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4123", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41281", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41288", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4131", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41278", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41265", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41309", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4128", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41206", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5473" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11643", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11643" }, { "reference_url": "https://hackerone.com/reports/565883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/565883" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:12.0.4:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:12.0.4:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:12.0.4:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:12.1.2:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:12.1.2:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:12.1.2:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5473", "reference_id": "CVE-2019-5473", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5473" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-5473" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkvt-edq1-xqf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206497?format=api", "vulnerability_id": "VCID-rmgh-bkgf-ykfv", "summary": "An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32009", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32136", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32175", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31998", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3205", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32079", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32082", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32044", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32011", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32045", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32023", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31996", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31831", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31705", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6797" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-6797" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rmgh-bkgf-ykfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310828?format=api", "vulnerability_id": "VCID-s3y1-pgra-auab", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02707", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02729", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02749", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02704", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.027", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02681", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0269", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02726", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03986", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04004", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03998", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12575" }, { "reference_url": "https://hackerone.com/reports/3397752", "reference_id": "3397752", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:15:19Z/" } ], "url": "https://hackerone.com/reports/3397752" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579171", "reference_id": "579171", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:15:19Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579171" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:15:19Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-12575" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3y1-pgra-auab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/307428?format=api", "vulnerability_id": "VCID-sdac-wwd7-c7bt", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18372", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18467", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18488", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18389", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18709", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18763", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18479", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1856", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18614", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18568", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18515", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18457", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6736" }, { "reference_url": "https://hackerone.com/reports/2269023", "reference_id": "2269023", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T17:28:36Z/" } ], "url": "https://hackerone.com/reports/2269023" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/435036", "reference_id": "435036", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T17:28:36Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/435036" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-6736" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sdac-wwd7-c7bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/342750?format=api", "vulnerability_id": "VCID-sfmb-e2eg-6bh6", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10338", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10404", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10432", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10393", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10372", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10242", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10213", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10364", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10265", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10918", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10836", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10877", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0958" }, { "reference_url": "https://hackerone.com/reports/3463363", "reference_id": "3463363", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:19:34Z/" } ], "url": "https://hackerone.com/reports/3463363" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/586202", "reference_id": "586202", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:19:34Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/586202" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:19:34Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0958" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sfmb-e2eg-6bh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216136?format=api", "vulnerability_id": "VCID-sk4h-79hx-wuea", "summary": "OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31932", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.3206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.321", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31974", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.32003", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.32006", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31967", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31933", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31945", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31919", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31749", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31622", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13272" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13272" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sk4h-79hx-wuea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201084?format=api", "vulnerability_id": "VCID-ss26-fdeq-hkc4", "summary": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28503", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28589", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28632", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28434", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28502", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28542", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28543", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28501", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28451", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28467", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28444", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28394", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2828", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28168", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20142" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-20142" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ss26-fdeq-hkc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216130?format=api", "vulnerability_id": "VCID-sscz-y8wj-pyah", "summary": "A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13268", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30678", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3081", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30857", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30676", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30767", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3077", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30726", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30681", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30705", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30687", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30654", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30477", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30363", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13268" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13268" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sscz-y8wj-pyah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/264949?format=api", "vulnerability_id": "VCID-sueq-u9x4-27hh", "summary": "An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33845", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34249", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34285", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34236", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33867", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34349", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34376", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3424", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34283", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34312", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34313", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34272", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3303" }, { "reference_url": "https://hackerone.com/reports/2418620", "reference_id": "2418620", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:35:39Z/" } ], "url": "https://hackerone.com/reports/2418620" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/454460", "reference_id": "454460", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:35:39Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/454460" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-3303" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sueq-u9x4-27hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/342601?format=api", "vulnerability_id": "VCID-szgt-ynh2-xfgf", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0723", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01526", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01431", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01519", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01528", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0143", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01435", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0144", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01441", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01433", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01425", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01427", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01417", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0723" }, { "reference_url": "https://hackerone.com/reports/3476052", "reference_id": "3476052", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T04:55:20Z/" } ], "url": "https://hackerone.com/reports/3476052" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/585333", "reference_id": "585333", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T04:55:20Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/585333" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/", "reference_id": "patch-release-gitlab-18-8-2-released", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T04:55:20Z/" } ], "url": "https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0723" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-szgt-ynh2-xfgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216150?format=api", "vulnerability_id": "VCID-szky-dm8n-qfdv", "summary": "For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32512", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32656", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32692", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32515", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32562", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32588", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3259", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32553", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32525", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32561", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3254", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32507", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32342", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32226", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13285" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13285" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-szky-dm8n-qfdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233650?format=api", "vulnerability_id": "VCID-t65w-w89v-zkfw", "summary": "GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14357", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14512", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1432", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14402", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14369", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14203", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14201", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14273", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14299", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14276", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7967" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-7967" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t65w-w89v-zkfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273248?format=api", "vulnerability_id": "VCID-t6av-eueg-t7h3", "summary": "Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36112", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36142", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35978", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36028", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36051", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36058", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3602", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35994", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36033", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36019", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35967", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3574", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35708", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2228" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-2228" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6av-eueg-t7h3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256734?format=api", "vulnerability_id": "VCID-teya-apph-1bhn", "summary": "Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42003", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42062", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42123", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42151", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42088", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.4215", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42135", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42162", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42136", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42066", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42008", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39883" }, { "reference_url": "https://security.archlinux.org/AVG-2432", "reference_id": "AVG-2432", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-39883" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-teya-apph-1bhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273431?format=api", "vulnerability_id": "VCID-tfvb-2gmk-9qdq", "summary": "An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35658", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35683", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35563", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35633", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35642", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35598", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35575", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35614", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35603", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35554", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35315", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35295", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2501" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-2501" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfvb-2gmk-9qdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310943?format=api", "vulnerability_id": "VCID-tka7-kvyt-puev", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by creating wiki pages with malicious content.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24802", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.2484", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24729", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24742", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30037", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29972", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29899", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29784", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3007", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30021", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30016", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12716" }, { "reference_url": "https://hackerone.com/reports/3405832", "reference_id": "3405832", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-12T04:55:49Z/" } ], "url": "https://hackerone.com/reports/3405832" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579548", "reference_id": "579548", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-12T04:55:49Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579548" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/", "reference_id": "patch-release-gitlab-18-6-2-released", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-12T04:55:49Z/" } ], "url": "https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-12716" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tka7-kvyt-puev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180208?format=api", "vulnerability_id": "VCID-tnfb-sr49-ykhd", "summary": "An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23944", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24123", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24252", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24287", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24072", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24184", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24203", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24161", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24104", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24118", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24105", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24082", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23956", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18647" }, { "reference_url": "https://security.archlinux.org/AVG-802", "reference_id": "AVG-802", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-18647" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnfb-sr49-ykhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350995?format=api", "vulnerability_id": "VCID-trh9-jq39-6kd6", "summary": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04303", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04294", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0428", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04258", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04382", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08873", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09019", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09064", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09013", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4332" }, { "reference_url": "https://hackerone.com/reports/3600345", "reference_id": "3600345", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:56Z/" } ], "url": "https://hackerone.com/reports/3600345" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/593853", "reference_id": "593853", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:56Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/593853" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "reference_id": "patch-release-gitlab-18-10-3-released", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:04:56Z/" } ], "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-4332" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-trh9-jq39-6kd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218349?format=api", "vulnerability_id": "VCID-ttu3-zyg3-8yag", "summary": "GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15525", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30678", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3081", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30857", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30676", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30767", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3077", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30726", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30681", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30705", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30687", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30654", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30477", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30363", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15525" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-15525" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttu3-zyg3-8yag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/342817?format=api", "vulnerability_id": "VCID-twdw-r81r-cycv", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05353", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05391", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05425", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05447", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05421", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05408", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.054", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05356", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05383", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06408", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06394", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06431", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1094" }, { "reference_url": "https://hackerone.com/reports/3502519", "reference_id": "3502519", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:18:29Z/" } ], "url": "https://hackerone.com/reports/3502519" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/586483", "reference_id": "586483", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:18:29Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/586483" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitaly:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitaly:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitaly:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:18:29Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-1094" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twdw-r81r-cycv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324276?format=api", "vulnerability_id": "VCID-u11d-8ny8-vbec", "summary": "An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06043", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06269", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06227", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0624", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06389", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06403", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06077", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0621", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06252", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06284", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07054", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3396" }, { "reference_url": "https://hackerone.com/reports/3079956", "reference_id": "3079956", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:11:33Z/" } ], "url": "https://hackerone.com/reports/3079956" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/534636", "reference_id": "534636", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:11:33Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/534636" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-3396" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u11d-8ny8-vbec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180776?format=api", "vulnerability_id": "VCID-u2g4-4zhu-ckhf", "summary": "GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21022", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21177", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20946", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21027", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21086", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21104", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2106", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21008", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20998", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20997", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20976", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20847", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20844", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19579" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-19579" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2g4-4zhu-ckhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/192542?format=api", "vulnerability_id": "VCID-u4aa-8258-t7f5", "summary": "An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66119", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6608", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66051", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66086", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.661", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66088", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66108", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66093", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.66844", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.66869", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.66842", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.66891", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.66904", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.66805", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11000" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-11000" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4aa-8258-t7f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250861?format=api", "vulnerability_id": "VCID-u532-5wns-v7h3", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06123", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05908", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05919", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06071", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06094", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05879", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05912", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05903", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05942", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05981", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05962", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05953", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05943", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0861" }, { "reference_url": "https://hackerone.com/reports/2316435", "reference_id": "2316435", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:54:15Z/" } ], "url": "https://hackerone.com/reports/2316435" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/439240", "reference_id": "439240", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:54:15Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/439240" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-0861" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u532-5wns-v7h3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/193020?format=api", "vulnerability_id": "VCID-ufwe-mte5-dqb3", "summary": "An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.", "references": [ { "reference_url": "https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.2967", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29784", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30004", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30043", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3009", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29903", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29964", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29959", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.2991", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29927", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29907", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29861", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11545" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/58939", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/58939" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11545", "reference_id": "CVE-2019-11545", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11545" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-11545" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ufwe-mte5-dqb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/307401?format=api", "vulnerability_id": "VCID-ugmm-9je6-37df", "summary": "An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6680", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07123", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07171", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07145", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.072", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07232", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07229", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07216", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07207", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07144", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07122", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08397", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08368", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08598", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6680" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-6680" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugmm-9je6-37df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/232298?format=api", "vulnerability_id": "VCID-uh8v-d6sj-u3h9", "summary": "An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24238", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24415", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24406", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24378", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24251", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24557", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24371", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24441", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.245", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24456", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24398", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9773" }, { "reference_url": "https://hackerone.com/reports/2671808", "reference_id": "2671808", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:07:31Z/" } ], "url": "https://hackerone.com/reports/2671808" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/498557", "reference_id": "498557", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:07:31Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/498557" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-9773" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uh8v-d6sj-u3h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/279120?format=api", "vulnerability_id": "VCID-uv5z-hewg-xfgs", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.3851", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38747", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38793", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38771", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38691", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38535", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38789", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.3881", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38738", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38799", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38811", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38775", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3331" }, { "reference_url": "https://hackerone.com/reports/1542834", "reference_id": "1542834", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:18:42Z/" } ], "url": "https://hackerone.com/reports/1542834" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/360372", "reference_id": "360372", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:18:42Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/360372" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3331.json", "reference_id": "CVE-2022-3331.json", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:18:42Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3331.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-3331" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uv5z-hewg-xfgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273445?format=api", "vulnerability_id": "VCID-uy7c-3b17-wydj", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71136", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71153", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71128", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.7117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71182", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71206", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71192", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71175", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71221", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71228", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71205", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71259", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71267", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2531" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-2531" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uy7c-3b17-wydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/189806?format=api", "vulnerability_id": "VCID-uya4-erjm-fkbp", "summary": "A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21402", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21553", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21407", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21721", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21777", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21603", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21661", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21673", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21577", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21575", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21582", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8635" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/455273", "reference_id": "455273", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:20:26Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/455273" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-8635" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uya4-erjm-fkbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191809?format=api", "vulnerability_id": "VCID-vbx6-nfew-muep", "summary": "An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32137", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32114", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32087", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31924", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31796", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32864", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32865", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32799", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32801", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32826", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.3293", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32965", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32787", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32835", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10108" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10108" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbx6-nfew-muep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/320043?format=api", "vulnerability_id": "VCID-vcqv-pb1k-b3db", "summary": "An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23162", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23118", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24459", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24345", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24473", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.2443", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24372", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46836", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.4678", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46763", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46833", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2443" }, { "reference_url": "https://hackerone.com/reports/3037340", "reference_id": "3037340", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-20T17:27:10Z/" } ], "url": "https://hackerone.com/reports/3037340" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/525363", "reference_id": "525363", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-20T17:27:10Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/525363" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-2443" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcqv-pb1k-b3db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265675?format=api", "vulnerability_id": "VCID-vg4f-1qtj-gyba", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39633", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39804", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39777", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39791", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.398", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39765", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39748", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39798", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39769", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39686", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39507", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39494", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1981" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-1981" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vg4f-1qtj-gyba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213431?format=api", "vulnerability_id": "VCID-vhnx-kfu7-uybp", "summary": "GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.", "references": [ { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "reference_url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.2752", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27627", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27836", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27887", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27928", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27721", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27789", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27831", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27795", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27738", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27744", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27719", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27679", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10092" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10092", "reference_id": "CVE-2020-10092", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10092" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-10092" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhnx-kfu7-uybp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78216?format=api", "vulnerability_id": "VCID-vj3b-nrqw-ckex", "summary": "gitlab: Privilege Escalation through pipeline jobs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3932.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2053", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20655", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20646", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20533", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20841", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20898", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20749", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20768", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20724", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20672", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20658", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3932" }, { "reference_url": "https://hackerone.com/reports/2057633", "reference_id": "2057633", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-24T13:25:44Z/" } ], "url": "https://hackerone.com/reports/2057633" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228986", "reference_id": "2228986", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228986" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417594", "reference_id": "417594", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-24T13:25:44Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417594" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3932" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vj3b-nrqw-ckex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/306639?format=api", "vulnerability_id": "VCID-vqjx-a3nf-yqhv", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5600", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11043", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10981", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12139", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12004", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12147", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1211", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12079", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17275", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17315", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17221", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17199", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17282", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5600" }, { "reference_url": "https://hackerone.com/reports/2209702", "reference_id": "2209702", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-20T19:51:52Z/" } ], "url": "https://hackerone.com/reports/2209702" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428268", "reference_id": "428268", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-20T19:51:52Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428268" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-5600" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqjx-a3nf-yqhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233655?format=api", "vulnerability_id": "VCID-vt4q-95e8-gufh", "summary": "GitLab EE 11.0 and later through 12.7.2 allows XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27836", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27887", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27928", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27721", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27789", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27831", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27795", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27738", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27744", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27719", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27679", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27627", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.2752", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7971" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-7971" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vt4q-95e8-gufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205556?format=api", "vulnerability_id": "VCID-vt5a-3cc5-x7d6", "summary": "An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.", "references": [ { "reference_url": "https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2106", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21057", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21187", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21338", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21393", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21147", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21226", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21288", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21298", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21258", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21204", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21198", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21207", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21184", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5471" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11515" }, { "reference_url": "https://hackerone.com/reports/496973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/496973" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5471", "reference_id": "CVE-2019-5471", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5471" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-5471" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vt5a-3cc5-x7d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273430?format=api", "vulnerability_id": "VCID-vuku-4geu-eue8", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38212", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38234", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38104", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38154", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38162", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38181", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38145", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.3812", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38166", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38147", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38082", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37867", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37844", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2499" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-2499" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuku-4geu-eue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/307265?format=api", "vulnerability_id": "VCID-vvbx-z929-vqdf", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01911", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01837", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01921", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01915", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01861", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01873", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01874", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01877", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01891", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01876", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0186", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01856", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01838", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6477" }, { "reference_url": "https://hackerone.com/reports/2270898", "reference_id": "2270898", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-22T16:24:56Z/" } ], "url": "https://hackerone.com/reports/2270898" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433463", "reference_id": "433463", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-22T16:24:56Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433463" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-6477" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vvbx-z929-vqdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78228?format=api", "vulnerability_id": "VCID-vx3v-n38w-b3cj", "summary": "gitlab: access tokens may have been logged on specific queries", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3993.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3993.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25047", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25059", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25299", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2534", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25118", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25232", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25246", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25205", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25152", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25161", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25151", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3993" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228522", "reference_id": "2228522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228522" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409570", "reference_id": "409570", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T15:41:18Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409570" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3993" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vx3v-n38w-b3cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178183?format=api", "vulnerability_id": "VCID-vxux-8ddv-zkfr", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46125", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46166", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46185", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46133", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.4619", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46188", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46212", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46184", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46193", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.4625", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46246", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46171", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46179", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14601" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-14601" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxux-8ddv-zkfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/319895?format=api", "vulnerability_id": "VCID-vydj-4uzb-rfe8", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2254", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27744", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27706", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27535", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51509", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51562", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.5157", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51549", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51502", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.5151", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51508", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.5153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51518", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2254" }, { "reference_url": "https://hackerone.com/reports/2973939", "reference_id": "2973939", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T13:38:28Z/" } ], "url": "https://hackerone.com/reports/2973939" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/524636", "reference_id": "524636", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T13:38:28Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/524636" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-2254" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vydj-4uzb-rfe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/214821?format=api", "vulnerability_id": "VCID-vzxz-v49p-7kh4", "summary": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20663", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20806", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20865", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20578", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20655", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20716", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20735", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20692", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20639", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20626", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20624", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20615", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20502", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20499", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11505" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-11505" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzxz-v49p-7kh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/279107?format=api", "vulnerability_id": "VCID-w5va-ty5z-1qea", "summary": "Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31144", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3147", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31439", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31269", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31586", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3163", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31451", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31504", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31533", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31538", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31496", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31459", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31492", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3286" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/363827", "reference_id": "363827", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:45:05Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/363827" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3286.json", "reference_id": "CVE-2022-3286.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:45:05Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3286.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-3286" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5va-ty5z-1qea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/283969?format=api", "vulnerability_id": "VCID-w6ms-gbth-wuhr", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49559", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55781", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5584", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55858", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55862", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55764", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55798", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55849", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55852", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5586", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4331" }, { "reference_url": "https://hackerone.com/reports/1791518", "reference_id": "1791518", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:24:15Z/" } ], "url": "https://hackerone.com/reports/1791518" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/385050", "reference_id": "385050", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:24:15Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/385050" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4331.json", "reference_id": "CVE-2022-4331.json", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:24:15Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4331.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-4331" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6ms-gbth-wuhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340410?format=api", "vulnerability_id": "VCID-w6rc-dm6j-p3gx", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7659", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0068", "published_at": "2026-04-02T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00667", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0066", "published_at": "2026-04-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00661", "published_at": "2026-04-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00654", "published_at": "2026-04-16T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00658", "published_at": "2026-04-18T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00874", "published_at": "2026-04-26T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00871", "published_at": "2026-04-24T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00869", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7659" }, { "reference_url": "https://hackerone.com/reports/3234976", "reference_id": "3234976", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:15Z/" } ], "url": "https://hackerone.com/reports/3234976" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/555440", "reference_id": "555440", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:15Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/555440" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:15Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-7659" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6rc-dm6j-p3gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216222?format=api", "vulnerability_id": "VCID-w8dv-vtxr-4kem", "summary": "An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31155", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31282", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31324", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31143", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31196", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31227", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31231", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31187", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31144", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31177", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31158", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31128", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30967", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30846", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13336" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13336" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8dv-vtxr-4kem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/292629?format=api", "vulnerability_id": "VCID-wbbc-jcdc-p7dy", "summary": "An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92182", "scoring_system": "epss", "scoring_elements": "0.99712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.92182", "scoring_system": "epss", "scoring_elements": "0.99719", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.92182", "scoring_system": "epss", "scoring_elements": "0.99718", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.92182", "scoring_system": "epss", "scoring_elements": "0.99716", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.92182", "scoring_system": "epss", "scoring_elements": "0.99714", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.92182", "scoring_system": "epss", "scoring_elements": "0.99713", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.92301", "scoring_system": "epss", "scoring_elements": "0.9972", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.92301", "scoring_system": "epss", "scoring_elements": "0.99719", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.92301", "scoring_system": "epss", "scoring_elements": "0.99721", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2825" }, { "reference_url": "https://hackerone.com/reports/1994725", "reference_id": "1994725", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-15T15:45:06Z/" } ], "url": "https://hackerone.com/reports/1994725" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/412371", "reference_id": "412371", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-15T15:45:06Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/412371" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json", "reference_id": "CVE-2023-2825.json", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-15T15:45:06Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-2825" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbbc-jcdc-p7dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353907?format=api", "vulnerability_id": "VCID-wbmg-kdbe-3yg5", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3254", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01519", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01518", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3254" }, { "reference_url": "https://hackerone.com/reports/3572752", "reference_id": "3572752", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:39:38Z/" } ], "url": "https://hackerone.com/reports/3572752" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/591587", "reference_id": "591587", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:39:38Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/591587" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-3254" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbmg-kdbe-3yg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329089?format=api", "vulnerability_id": "VCID-wdkr-sgyg-muae", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33583", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33551", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33423", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59867", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59848", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59886", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59892", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59878", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59849", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59863", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59884", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59868", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4278" }, { "reference_url": "https://hackerone.com/reports/3085738", "reference_id": "3085738", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T13:43:03Z/" } ], "url": "https://hackerone.com/reports/3085738" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/539198", "reference_id": "539198", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T13:43:03Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/539198" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-4278" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdkr-sgyg-muae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/309481?format=api", "vulnerability_id": "VCID-wfh2-u7mp-q3cs", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07197", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07282", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07272", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07202", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07322", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07241", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07219", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07274", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07301", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07296", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07919", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07952", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10867" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/517757", "reference_id": "517757", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T15:33:16Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/517757" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-10867" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfh2-u7mp-q3cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/298514?format=api", "vulnerability_id": "VCID-whju-3tkp-wqbv", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05335", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05366", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05378", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05412", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05435", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05392", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05384", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05333", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05496", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05537", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05574", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3511" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-3511" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-whju-3tkp-wqbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191819?format=api", "vulnerability_id": "VCID-wjax-pq2u-77db", "summary": "An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way, potentially exposing data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46317", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46314", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46257", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.4625", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47576", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47528", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47584", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.476", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47556", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47577", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47525", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.4758", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10114" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10114" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wjax-pq2u-77db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200933?format=api", "vulnerability_id": "VCID-wuky-wgxh-xkgc", "summary": "An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30079", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30394", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30396", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30353", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30306", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30322", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30304", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30259", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30194", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30445", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.3049", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30301", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.3036", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5067" }, { "reference_url": "https://hackerone.com/reports/2462303", "reference_id": "2462303", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T15:32:48Z/" } ], "url": "https://hackerone.com/reports/2462303" }, { "reference_url": "https://hackerone.com/reports/2502047", "reference_id": "2502047", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T15:32:48Z/" } ], "url": "https://hackerone.com/reports/2502047" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458504", "reference_id": "458504", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T15:32:48Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458504" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462427", "reference_id": "462427", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T15:32:48Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462427" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-5067" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wuky-wgxh-xkgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/334170?format=api", "vulnerability_id": "VCID-wz3j-dsp8-eygv", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02399", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02389", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02397", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08942", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08945", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08992", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08952", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0898", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08976", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08941", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08928", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08818", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08791", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5195" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/534960", "reference_id": "534960", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:22:10Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/534960" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-5195" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wz3j-dsp8-eygv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194319?format=api", "vulnerability_id": "VCID-x2re-b85h-zqhw", "summary": "An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control.", "references": [ { "reference_url": "https://about.gitlab.com/blog/categories/releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/blog/categories/releases/" }, { "reference_url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36201", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36232", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36426", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36599", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36632", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36469", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.3652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.3654", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36547", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36512", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36533", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36515", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.3646", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13005" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13005", "reference_id": "CVE-2019-13005", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13005" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-13005" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2re-b85h-zqhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216132?format=api", "vulnerability_id": "VCID-x44a-mdf3-93f4", "summary": "A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13269", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65312", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65361", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65387", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65351", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65404", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65415", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65434", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.6542", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65429", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65441", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65453", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13269" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13269" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x44a-mdf3-93f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/234853?format=api", "vulnerability_id": "VCID-x4dc-1ecc-gfg9", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41196", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41415", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41387", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41314", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41202", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41383", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41412", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.4139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41397", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41417", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41386", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41371", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10043" }, { "reference_url": "https://hackerone.com/reports/2774817", "reference_id": "2774817", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:21:15Z/" } ], "url": "https://hackerone.com/reports/2774817" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/499577", "reference_id": "499577", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:21:15Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/499577" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-10043" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4dc-1ecc-gfg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191823?format=api", "vulnerability_id": "VCID-x4jq-mjm7-kfbd", "summary": "An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32769", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32746", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32716", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32565", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32448", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33594", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33588", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33488", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33523", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33546", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33643", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33677", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33515", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.3356", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10117" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10117" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4jq-mjm7-kfbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240564?format=api", "vulnerability_id": "VCID-x5nn-pu4m-pbdh", "summary": "Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44316", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44404", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44426", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4436", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44412", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44418", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44436", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44403", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4446", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4445", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44379", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44277", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4428", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22251" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22251" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5nn-pu4m-pbdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199413?format=api", "vulnerability_id": "VCID-x7ax-e9y6-zya6", "summary": "In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25264", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2538", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25157", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25226", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25286", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2519", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25199", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25189", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25159", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25108", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25096", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19629" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19629" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7ax-e9y6-zya6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199183?format=api", "vulnerability_id": "VCID-x8ye-nvmk-g3hx", "summary": "GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48787", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48825", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48851", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48805", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4886", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48856", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48872", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48846", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48854", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48904", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.489", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48848", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48858", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19313" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8ye-nvmk-g3hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194314?format=api", "vulnerability_id": "VCID-xbhh-rgrh-n3g8", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control.", "references": [ { "reference_url": "https://about.gitlab.com/blog/categories/releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/blog/categories/releases/" }, { "reference_url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21081", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21079", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21211", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21367", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21421", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21173", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21253", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21314", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21324", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2123", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21223", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21233", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13002" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13002", "reference_id": "CVE-2019-13002", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-13002" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbhh-rgrh-n3g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/264820?format=api", "vulnerability_id": "VCID-xkez-a8pc-6kdz", "summary": "An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40409", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40497", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40524", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40445", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40496", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40507", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.4049", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.4047", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40518", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40487", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.4041", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.403", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40288", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0738" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-0738" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xkez-a8pc-6kdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340779?format=api", "vulnerability_id": "VCID-xmtp-1bt1-2be5", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10829", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10797", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10853", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10866", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10834", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1081", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10686", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10893", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10721", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1141", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11311", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11355", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8099" }, { "reference_url": "https://hackerone.com/reports/3240210", "reference_id": "3240210", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:00Z/" } ], "url": "https://hackerone.com/reports/3240210" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/557165", "reference_id": "557165", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:00Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/557165" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/", "reference_id": "patch-release-gitlab-18-8-4-released", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:14:00Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-8099" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmtp-1bt1-2be5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233659?format=api", "vulnerability_id": "VCID-xr8q-yjyj-97af", "summary": "GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22526", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22698", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22743", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22639", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22598", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22544", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22393", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22382", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7976" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-7976" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xr8q-yjyj-97af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/306216?format=api", "vulnerability_id": "VCID-xx1a-64aa-bqc7", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07102", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07151", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07179", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0721", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07208", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12179", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12287", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1227", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12237", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1232", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12282", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12182", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5009" }, { "reference_url": "https://hackerone.com/reports/2147126", "reference_id": "2147126", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:51:08Z/" } ], "url": "https://hackerone.com/reports/2147126" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/425304", "reference_id": "425304", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:51:08Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/425304" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-5009" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xx1a-64aa-bqc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199180?format=api", "vulnerability_id": "VCID-y18c-pjw8-3bc3", "summary": "GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41106", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41197", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41228", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41154", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41203", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41211", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41232", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.412", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41186", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41229", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41126", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41015", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19311" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-19311" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y18c-pjw8-3bc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/224072?format=api", "vulnerability_id": "VCID-y1e2-9x7h-4feb", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10485", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1039", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10375", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10503", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10488", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10476", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10544", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10408", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10482", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1055", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10579", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10546", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10524", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4283" }, { "reference_url": "https://hackerone.com/reports/2474286", "reference_id": "2474286", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T13:07:37Z/" } ], "url": "https://hackerone.com/reports/2474286" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458502", "reference_id": "458502", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T13:07:37Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458502" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-4283" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y1e2-9x7h-4feb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/283972?format=api", "vulnerability_id": "VCID-y1ja-wmsu-8kew", "summary": "A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58742", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58744", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58776", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58781", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5876", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58728", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58716", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58737", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58705", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58758", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58764", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58783", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4335" }, { "reference_url": "https://hackerone.com/reports/1462437", "reference_id": "1462437", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T14:37:07Z/" } ], "url": "https://hackerone.com/reports/1462437" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/353018", "reference_id": "353018", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T14:37:07Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/353018" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4335.json", "reference_id": "CVE-2022-4335.json", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T14:37:07Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4335.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-4335" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y1ja-wmsu-8kew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273286?format=api", "vulnerability_id": "VCID-y2gt-g94n-8bh6", "summary": "An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43126", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43064", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43118", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.4313", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43151", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43103", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43163", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43153", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43087", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43021", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43024", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2281" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2022-2281" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2gt-g94n-8bh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/311975?format=api", "vulnerability_id": "VCID-yekv-ygxp-hbf8", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14103", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02431", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02357", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02455", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02443", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0237", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0238", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02377", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02382", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02402", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02368", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02367", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02351", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14103" }, { "reference_url": "https://hackerone.com/reports/3448317", "reference_id": "3448317", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T20:52:13Z/" } ], "url": "https://hackerone.com/reports/3448317" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/583053", "reference_id": "583053", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T20:52:13Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/583053" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/", "reference_id": "patch-release-gitlab-18-9-1-released", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T20:52:13Z/" } ], "url": "https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-14103" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yekv-ygxp-hbf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65178?format=api", "vulnerability_id": "VCID-yfqm-sp6g-gbaf", "summary": "gitlab: GitLab: Stored Cross-Site Scripting via GitLab Flavored Markdown", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9222.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9222.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10917", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1106", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10879", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1089", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11007", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10962", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10944", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11022", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11075", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11079", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11047", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11025", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9222" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428222", "reference_id": "2428222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428222" }, { "reference_url": "https://hackerone.com/reports/3297483", "reference_id": "3297483", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:48Z/" } ], "url": "https://hackerone.com/reports/3297483" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/562561", "reference_id": "562561", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:48Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/562561" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/", "reference_id": "patch-release-gitlab-18-7-1-released", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:48Z/" } ], "url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-9222" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfqm-sp6g-gbaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/285640?format=api", "vulnerability_id": "VCID-ygxb-hemy-myf5", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1621", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78702", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78731", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78729", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78725", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78754", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78659", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.7869", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78697", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78703", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.78728", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.7871", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1621" }, { "reference_url": "https://hackerone.com/reports/1914049", "reference_id": "1914049", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:37:54Z/" } ], "url": "https://hackerone.com/reports/1914049" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/399774", "reference_id": "399774", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:37:54Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/399774" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1621.json", "reference_id": "CVE-2023-1621.json", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:37:54Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1621.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-1621" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygxb-hemy-myf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240537?format=api", "vulnerability_id": "VCID-yq7h-64jj-wfcs", "summary": "An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40165", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40285", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40351", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40376", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40301", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40352", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40364", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40318", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40365", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40333", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40256", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40178", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22233" }, { "reference_url": "https://security.archlinux.org/AVG-2137", "reference_id": "AVG-2137", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2137" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-22233" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yq7h-64jj-wfcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/193739?format=api", "vulnerability_id": "VCID-yuqy-3gu6-4kgy", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22492", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22666", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2271", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.225", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2258", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22635", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22554", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22568", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22562", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22512", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22358", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22347", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12429" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-12429" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuqy-3gu6-4kgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65180?format=api", "vulnerability_id": "VCID-yy74-uza7-qqgv", "summary": "gitlab: GitLab: Cross-Site Scripting Vulnerability Leading to Arbitrary Code Execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13957", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14127", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13877", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13868", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13947", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13983", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14182", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13998", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14079", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14132", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14076", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14034", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13982", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13761" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428218", "reference_id": "2428218", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428218" }, { "reference_url": "https://hackerone.com/reports/3441368", "reference_id": "3441368", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:47Z/" } ], "url": "https://hackerone.com/reports/3441368" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/582237", "reference_id": "582237", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:47Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/582237" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/", "reference_id": "patch-release-gitlab-18-7-1-released", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-10T04:55:47Z/" } ], "url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2025-13761" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy74-uza7-qqgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256735?format=api", "vulnerability_id": "VCID-zbdr-btjr-vkhh", "summary": "In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50861", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50782", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50838", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50864", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50821", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50878", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50918", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50896", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50924", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50904", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50853", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39884" }, { "reference_url": "https://security.archlinux.org/AVG-2432", "reference_id": "AVG-2432", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2021-39884" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbdr-btjr-vkhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/304187?format=api", "vulnerability_id": "VCID-zcze-847k-cyh1", "summary": "An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13636", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13665", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13802", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13858", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13659", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13741", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13792", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1376", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13723", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13674", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13585", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13581", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13654", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4011" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409367", "reference_id": "409367", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T15:46:43Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409367" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-4011" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zcze-847k-cyh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/231094?format=api", "vulnerability_id": "VCID-zjb9-cwg1-qbdz", "summary": "An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07528", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07452", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07442", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07575", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07537", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07453", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07493", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07473", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07532", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07554", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0754", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07527", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9870" }, { "reference_url": "https://hackerone.com/reports/2734142", "reference_id": "2734142", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T15:59:33Z/" } ], "url": "https://hackerone.com/reports/2734142" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/issues/498911", "reference_id": "498911", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T15:59:33Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/498911" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2024-9870" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zjb9-cwg1-qbdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/304589?format=api", "vulnerability_id": "VCID-zjvn-1whn-quab", "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15706", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1577", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15574", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15659", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15718", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15686", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15651", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15513", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15522", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15615", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15614", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4658" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2023-4658" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zjvn-1whn-quab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216126?format=api", "vulnerability_id": "VCID-zm1w-ttn2-nkde", "summary": "User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.3035", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.3038", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30426", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30239", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30299", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30334", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30338", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30294", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30245", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.3026", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30242", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30197", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30133", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30018", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13265" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2020-13265" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zm1w-ttn2-nkde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/347293?format=api", "vulnerability_id": "VCID-zsau-k8h3-bbbj", "summary": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in Mermaid diagrams.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08954", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0889", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08873", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09019", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09064", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09005", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09013", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09045", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10648", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2973" }, { "reference_url": "https://hackerone.com/reports/3566802", "reference_id": "3566802", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T17:24:23Z/" } ], "url": "https://hackerone.com/reports/3566802" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/591049", "reference_id": "591049", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T17:24:23Z/" } ], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/591049" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" }, { "reference_url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/", "reference_id": "patch-release-gitlab-18-10-1-released", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T17:24:23Z/" } ], "url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2026-2973" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zsau-k8h3-bbbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196713?format=api", "vulnerability_id": "VCID-zxrt-frky-k3er", "summary": "An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.", "references": [ { "reference_url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15723", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47381", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47373", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47319", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47376", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.4738", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47377", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47383", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47442", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47435", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47386", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15723" }, { "reference_url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11302" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15723", "reference_id": "CVE-2019-15723", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15723" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923256?format=api", "purl": "pkg:deb/debian/gitlab@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-15723" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxrt-frky-k3er" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid" }