Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid

Type deb

Namespace debian

Name gitlab

Version 11.8.6+dfsg-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 11.8.9+dfsg-1

Latest_non_vulnerable_version 17.6.5-19

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2m26-5f7y-s3fe

vulnerability_id VCID-2m26-5f7y-s3fe

summary An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10115

reference_id

reference_type

scores

value	0.00144
scoring_system	epss
scoring_elements	0.34686
published_at	2026-04-16T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34672
published_at	2026-04-18T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34631
published_at	2026-04-21T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35429
published_at	2026-04-07T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35475
published_at	2026-04-08T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35499
published_at	2026-04-09T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35323
published_at	2026-04-01T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35466
published_at	2026-04-12T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35444
published_at	2026-04-13T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.3551
published_at	2026-04-11T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35522
published_at	2026-04-02T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35547
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10115

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482
reference_id	926482
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482

fixed_packages

url	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10115

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m26-5f7y-s3fe

url VCID-4v6j-cn1c-s7dd

vulnerability_id VCID-4v6j-cn1c-s7dd

summary An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10109

reference_id

reference_type

scores

value	0.00136
scoring_system	epss
scoring_elements	0.33399
published_at	2026-04-16T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33374
published_at	2026-04-18T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33342
published_at	2026-04-21T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34382
published_at	2026-04-07T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34425
published_at	2026-04-08T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34454
published_at	2026-04-09T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34149
published_at	2026-04-01T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34417
published_at	2026-04-12T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34393
published_at	2026-04-13T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34456
published_at	2026-04-11T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34487
published_at	2026-04-02T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34515
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10109

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482
reference_id	926482
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482

fixed_packages

url	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10109

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4v6j-cn1c-s7dd

url VCID-53ve-2zag-8yhr

vulnerability_id VCID-53ve-2zag-8yhr

summary An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10113

reference_id

reference_type

scores

value	0.00183
scoring_system	epss
scoring_elements	0.40131
published_at	2026-04-16T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40101
published_at	2026-04-18T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40024
published_at	2026-04-21T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.40943
published_at	2026-04-07T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.40991
published_at	2026-04-08T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.40999
published_at	2026-04-09T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.40903
published_at	2026-04-01T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.40982
published_at	2026-04-12T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.40966
published_at	2026-04-13T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41017
published_at	2026-04-11T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.40984
published_at	2026-04-02T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41016
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10113

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482
reference_id	926482
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482

fixed_packages

url	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10113

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53ve-2zag-8yhr

url VCID-6ar9-uaqa-xyfq

vulnerability_id VCID-6ar9-uaqa-xyfq

summary An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10116

reference_id

reference_type

scores

value	0.00099
scoring_system	epss
scoring_elements	0.27602
published_at	2026-04-16T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27576
published_at	2026-04-18T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27537
published_at	2026-04-21T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28251
published_at	2026-04-07T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28317
published_at	2026-04-08T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.2836
published_at	2026-04-09T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28347
published_at	2026-04-01T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28321
published_at	2026-04-12T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28263
published_at	2026-04-13T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28365
published_at	2026-04-11T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28418
published_at	2026-04-02T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28459
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10116

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482
reference_id	926482
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482

fixed_packages

url	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10116

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ar9-uaqa-xyfq

url VCID-6tvy-72tc-jbdr

vulnerability_id VCID-6tvy-72tc-jbdr

summary An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10110

reference_id

reference_type

scores

value	0.00096
scoring_system	epss
scoring_elements	0.26611
published_at	2026-04-16T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26583
published_at	2026-04-18T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26544
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27674
published_at	2026-04-07T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27742
published_at	2026-04-08T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27786
published_at	2026-04-09T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27791
published_at	2026-04-01T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27749
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27691
published_at	2026-04-13T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27792
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27842
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27883
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10110

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482
reference_id	926482
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482

fixed_packages

url	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10110

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tvy-72tc-jbdr

url VCID-c5wm-ghe3-aqab

vulnerability_id VCID-c5wm-ghe3-aqab

summary An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10111

reference_id

reference_type

scores

value	0.00089
scoring_system	epss
scoring_elements	0.25224
published_at	2026-04-16T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25214
published_at	2026-04-18T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25185
published_at	2026-04-21T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25814
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25883
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25935
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25936
published_at	2026-04-01T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25903
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25849
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25945
published_at	2026-04-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26
published_at	2026-04-02T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26042
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10111

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482
reference_id	926482
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482

fixed_packages

url	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10111

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5wm-ghe3-aqab

url VCID-gsxs-21aw-cygp

vulnerability_id VCID-gsxs-21aw-cygp

summary An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10640

reference_id

reference_type

scores

value	0.00174
scoring_system	epss
scoring_elements	0.3893
published_at	2026-04-16T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.3891
published_at	2026-04-18T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38828
published_at	2026-04-21T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39815
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3987
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39884
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3972
published_at	2026-04-01T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3986
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39843
published_at	2026-04-13T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39894
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39869
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39893
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10640

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482
reference_id	926482
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482

fixed_packages

url	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2019-10640

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsxs-21aw-cygp

url VCID-mfwc-dm4n-vbey

vulnerability_id VCID-mfwc-dm4n-vbey

summary

Code injection
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:1414

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1414

reference_url

https://access.redhat.com/errata/RHSA-2018:1415

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1415

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5158.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5158.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5158

reference_id

reference_type

scores

value	0.4138
scoring_system	epss
scoring_elements	0.97376
published_at	2026-04-01T12:55:00Z

value	0.4138
scoring_system	epss
scoring_elements	0.97382
published_at	2026-04-02T12:55:00Z

value	0.4138
scoring_system	epss
scoring_elements	0.97387
published_at	2026-04-07T12:55:00Z

value	0.4138
scoring_system	epss
scoring_elements	0.97394
published_at	2026-04-08T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.97497
published_at	2026-04-16T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.975
published_at	2026-04-21T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.97486
published_at	2026-04-11T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.97484
published_at	2026-04-09T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.97488
published_at	2026-04-12T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.97489
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5158

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1452075

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1452075

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183

reference_url

https://github.com/mozilla/pdf.js

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mozilla/pdf.js

reference_url

https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97

reference_url

https://github.com/mozilla/pdf.js/pull/9659

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mozilla/pdf.js/pull/9659

reference_url

https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5158

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5158

reference_url

https://security.gentoo.org/glsa/201810-01

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201810-01

reference_url

https://usn.ubuntu.com/3645-1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3645-1

reference_url

https://www.debian.org/security/2018/dsa-4199

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4199

reference_url

https://www.mozilla.org/security/advisories/mfsa2018-11

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/security/advisories/mfsa2018-11

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url

https://www.mozilla.org/security/advisories/mfsa2018-12

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/security/advisories/mfsa2018-12

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-12/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-12/

reference_url

http://www.securityfocus.com/bid/104136

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/104136

reference_url

http://www.securitytracker.com/id/1040896

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576259
reference_id	1576259
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576259

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482
reference_id	926482
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://github.com/advisories/GHSA-7jg2-jgv3-fmr4

reference_id

GHSA-7jg2-jgv3-fmr4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7jg2-jgv3-fmr4

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_id

mfsa2018-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

aliases CVE-2018-5158, GHSA-7jg2-jgv3-fmr4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfwc-dm4n-vbey

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid

Package Instance