Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
Type deb
Namespace debian
Name gitlab
Version 15.10.8+ds1-2
Qualifiers
distro sid
Subpath
Is_vulnerable false
Next_non_vulnerable_version 15.11.11+ds1-1
Latest_non_vulnerable_version 17.6.5-19
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-141u-az5k-r3f8
vulnerability_id VCID-141u-az5k-r3f8
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0508
reference_id
reference_type
scores
0
value 0.03964
scoring_system epss
scoring_elements 0.88398
published_at 2026-04-24T12:55:00Z
1
value 0.03964
scoring_system epss
scoring_elements 0.88361
published_at 2026-04-08T12:55:00Z
2
value 0.03964
scoring_system epss
scoring_elements 0.88368
published_at 2026-04-09T12:55:00Z
3
value 0.03964
scoring_system epss
scoring_elements 0.88378
published_at 2026-04-11T12:55:00Z
4
value 0.03964
scoring_system epss
scoring_elements 0.88371
published_at 2026-04-12T12:55:00Z
5
value 0.03964
scoring_system epss
scoring_elements 0.8837
published_at 2026-04-13T12:55:00Z
6
value 0.03964
scoring_system epss
scoring_elements 0.88385
published_at 2026-04-16T12:55:00Z
7
value 0.03964
scoring_system epss
scoring_elements 0.88381
published_at 2026-04-21T12:55:00Z
8
value 0.03964
scoring_system epss
scoring_elements 0.88337
published_at 2026-04-04T12:55:00Z
9
value 0.03964
scoring_system epss
scoring_elements 0.88342
published_at 2026-04-07T12:55:00Z
10
value 0.04627
scoring_system epss
scoring_elements 0.89234
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0508
1
reference_url https://hackerone.com/reports/1842314
reference_id 1842314
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:58:14Z/
url https://hackerone.com/reports/1842314
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/389328
reference_id 389328
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:58:14Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/389328
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0508.json
reference_id CVE-2023-0508.json
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:58:14Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0508.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0508
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-141u-az5k-r3f8
1
url VCID-15mz-35gt-pbaq
vulnerability_id VCID-15mz-35gt-pbaq
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22192
reference_id
reference_type
scores
0
value 0.81162
scoring_system epss
scoring_elements 0.99167
published_at 2026-04-24T12:55:00Z
1
value 0.81162
scoring_system epss
scoring_elements 0.99154
published_at 2026-04-01T12:55:00Z
2
value 0.81162
scoring_system epss
scoring_elements 0.99155
published_at 2026-04-02T12:55:00Z
3
value 0.81162
scoring_system epss
scoring_elements 0.99158
published_at 2026-04-04T12:55:00Z
4
value 0.81162
scoring_system epss
scoring_elements 0.99161
published_at 2026-04-07T12:55:00Z
5
value 0.81162
scoring_system epss
scoring_elements 0.99162
published_at 2026-04-13T12:55:00Z
6
value 0.81162
scoring_system epss
scoring_elements 0.99163
published_at 2026-04-16T12:55:00Z
7
value 0.81162
scoring_system epss
scoring_elements 0.99165
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22192
1
reference_url https://security.archlinux.org/ASA-202103-13
reference_id ASA-202103-13
reference_type
scores
url https://security.archlinux.org/ASA-202103-13
2
reference_url https://security.archlinux.org/AVG-1710
reference_id AVG-1710
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1710
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22192
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-15mz-35gt-pbaq
2
url VCID-17gb-vdxv-fqc4
vulnerability_id VCID-17gb-vdxv-fqc4
summary Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39918
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45329
published_at 2026-04-21T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45239
published_at 2026-04-24T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.4532
published_at 2026-04-02T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45342
published_at 2026-04-04T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45285
published_at 2026-04-07T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.4534
published_at 2026-04-09T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45362
published_at 2026-04-11T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.4533
published_at 2026-04-12T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45332
published_at 2026-04-13T12:55:00Z
9
value 0.00226
scoring_system epss
scoring_elements 0.45383
published_at 2026-04-16T12:55:00Z
10
value 0.00226
scoring_system epss
scoring_elements 0.45379
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39918
1
reference_url https://security.archlinux.org/AVG-2604
reference_id AVG-2604
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2604
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39918
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17gb-vdxv-fqc4
3
url VCID-1bre-tbu7-myhd
vulnerability_id VCID-1bre-tbu7-myhd
summary An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3902
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.44815
published_at 2026-04-24T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.44908
published_at 2026-04-12T12:55:00Z
2
value 0.00223
scoring_system epss
scoring_elements 0.4491
published_at 2026-04-13T12:55:00Z
3
value 0.00223
scoring_system epss
scoring_elements 0.44962
published_at 2026-04-16T12:55:00Z
4
value 0.00223
scoring_system epss
scoring_elements 0.44956
published_at 2026-04-18T12:55:00Z
5
value 0.00223
scoring_system epss
scoring_elements 0.44906
published_at 2026-04-21T12:55:00Z
6
value 0.00223
scoring_system epss
scoring_elements 0.44904
published_at 2026-04-02T12:55:00Z
7
value 0.00223
scoring_system epss
scoring_elements 0.44923
published_at 2026-04-04T12:55:00Z
8
value 0.00223
scoring_system epss
scoring_elements 0.44864
published_at 2026-04-07T12:55:00Z
9
value 0.00223
scoring_system epss
scoring_elements 0.44917
published_at 2026-04-08T12:55:00Z
10
value 0.00223
scoring_system epss
scoring_elements 0.44919
published_at 2026-04-09T12:55:00Z
11
value 0.00223
scoring_system epss
scoring_elements 0.4494
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3902
1
reference_url https://hackerone.com/reports/1757999
reference_id 1757999
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:00:00Z/
url https://hackerone.com/reports/1757999
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/381895
reference_id 381895
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:00:00Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/381895
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json
reference_id CVE-2022-3902.json
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:00:00Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3902
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bre-tbu7-myhd
4
url VCID-1bwp-vqnn-2ud2
vulnerability_id VCID-1bwp-vqnn-2ud2
summary An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2250
reference_id
reference_type
scores
0
value 0.0027
scoring_system epss
scoring_elements 0.50459
published_at 2026-04-02T12:55:00Z
1
value 0.0027
scoring_system epss
scoring_elements 0.50488
published_at 2026-04-04T12:55:00Z
2
value 0.0027
scoring_system epss
scoring_elements 0.50441
published_at 2026-04-07T12:55:00Z
3
value 0.0027
scoring_system epss
scoring_elements 0.50495
published_at 2026-04-08T12:55:00Z
4
value 0.0027
scoring_system epss
scoring_elements 0.50492
published_at 2026-04-09T12:55:00Z
5
value 0.0027
scoring_system epss
scoring_elements 0.50535
published_at 2026-04-11T12:55:00Z
6
value 0.0027
scoring_system epss
scoring_elements 0.50512
published_at 2026-04-12T12:55:00Z
7
value 0.0027
scoring_system epss
scoring_elements 0.50497
published_at 2026-04-13T12:55:00Z
8
value 0.0027
scoring_system epss
scoring_elements 0.5054
published_at 2026-04-16T12:55:00Z
9
value 0.0027
scoring_system epss
scoring_elements 0.50545
published_at 2026-04-18T12:55:00Z
10
value 0.0027
scoring_system epss
scoring_elements 0.50521
published_at 2026-04-21T12:55:00Z
11
value 0.0027
scoring_system epss
scoring_elements 0.50467
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2250
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2250
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bwp-vqnn-2ud2
5
url VCID-1cxd-7cew-mfhg
vulnerability_id VCID-1cxd-7cew-mfhg
summary A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1710
reference_id
reference_type
scores
0
value 0.0271
scoring_system epss
scoring_elements 0.85937
published_at 2026-04-24T12:55:00Z
1
value 0.0271
scoring_system epss
scoring_elements 0.85886
published_at 2026-04-08T12:55:00Z
2
value 0.0271
scoring_system epss
scoring_elements 0.85896
published_at 2026-04-09T12:55:00Z
3
value 0.0271
scoring_system epss
scoring_elements 0.8591
published_at 2026-04-11T12:55:00Z
4
value 0.0271
scoring_system epss
scoring_elements 0.85908
published_at 2026-04-12T12:55:00Z
5
value 0.0271
scoring_system epss
scoring_elements 0.85902
published_at 2026-04-13T12:55:00Z
6
value 0.0271
scoring_system epss
scoring_elements 0.8592
published_at 2026-04-16T12:55:00Z
7
value 0.0271
scoring_system epss
scoring_elements 0.85925
published_at 2026-04-18T12:55:00Z
8
value 0.0271
scoring_system epss
scoring_elements 0.85916
published_at 2026-04-21T12:55:00Z
9
value 0.0271
scoring_system epss
scoring_elements 0.85867
published_at 2026-04-07T12:55:00Z
10
value 0.02856
scoring_system epss
scoring_elements 0.86201
published_at 2026-04-04T12:55:00Z
11
value 0.02856
scoring_system epss
scoring_elements 0.86188
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1710
1
reference_url https://hackerone.com/reports/1829768
reference_id 1829768
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:49:20Z/
url https://hackerone.com/reports/1829768
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/388242
reference_id 388242
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:49:20Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/388242
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json
reference_id CVE-2023-1710.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:49:20Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1710
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1cxd-7cew-mfhg
6
url VCID-1f4t-7du8-q3ex
vulnerability_id VCID-1f4t-7du8-q3ex
summary A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39938
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33441
published_at 2026-04-24T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33591
published_at 2026-04-01T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.33923
published_at 2026-04-02T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33954
published_at 2026-04-04T12:55:00Z
4
value 0.00138
scoring_system epss
scoring_elements 0.33808
published_at 2026-04-07T12:55:00Z
5
value 0.00138
scoring_system epss
scoring_elements 0.3385
published_at 2026-04-08T12:55:00Z
6
value 0.00138
scoring_system epss
scoring_elements 0.33882
published_at 2026-04-09T12:55:00Z
7
value 0.00138
scoring_system epss
scoring_elements 0.33881
published_at 2026-04-11T12:55:00Z
8
value 0.00138
scoring_system epss
scoring_elements 0.33839
published_at 2026-04-18T12:55:00Z
9
value 0.00138
scoring_system epss
scoring_elements 0.33814
published_at 2026-04-13T12:55:00Z
10
value 0.00138
scoring_system epss
scoring_elements 0.33853
published_at 2026-04-16T12:55:00Z
11
value 0.00138
scoring_system epss
scoring_elements 0.33807
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39938
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39938
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1f4t-7du8-q3ex
7
url VCID-1t9u-drzk-5ffz
vulnerability_id VCID-1t9u-drzk-5ffz
summary A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2500
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48843
published_at 2026-04-18T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48768
published_at 2026-04-02T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.48794
published_at 2026-04-04T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.48748
published_at 2026-04-07T12:55:00Z
4
value 0.00254
scoring_system epss
scoring_elements 0.48802
published_at 2026-04-21T12:55:00Z
5
value 0.00254
scoring_system epss
scoring_elements 0.48799
published_at 2026-04-09T12:55:00Z
6
value 0.00254
scoring_system epss
scoring_elements 0.48816
published_at 2026-04-11T12:55:00Z
7
value 0.00254
scoring_system epss
scoring_elements 0.4879
published_at 2026-04-24T12:55:00Z
8
value 0.00254
scoring_system epss
scoring_elements 0.48798
published_at 2026-04-13T12:55:00Z
9
value 0.00254
scoring_system epss
scoring_elements 0.48847
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2500
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2500
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1t9u-drzk-5ffz
8
url VCID-1tja-ztb9-myhy
vulnerability_id VCID-1tja-ztb9-myhy
summary An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1431
reference_id
reference_type
scores
0
value 0.00329
scoring_system epss
scoring_elements 0.5586
published_at 2026-04-24T12:55:00Z
1
value 0.00329
scoring_system epss
scoring_elements 0.55783
published_at 2026-04-01T12:55:00Z
2
value 0.00329
scoring_system epss
scoring_elements 0.55895
published_at 2026-04-02T12:55:00Z
3
value 0.00329
scoring_system epss
scoring_elements 0.55917
published_at 2026-04-04T12:55:00Z
4
value 0.00329
scoring_system epss
scoring_elements 0.55896
published_at 2026-04-07T12:55:00Z
5
value 0.00329
scoring_system epss
scoring_elements 0.55947
published_at 2026-04-08T12:55:00Z
6
value 0.00329
scoring_system epss
scoring_elements 0.55949
published_at 2026-04-09T12:55:00Z
7
value 0.00329
scoring_system epss
scoring_elements 0.55958
published_at 2026-04-11T12:55:00Z
8
value 0.00329
scoring_system epss
scoring_elements 0.55938
published_at 2026-04-12T12:55:00Z
9
value 0.00329
scoring_system epss
scoring_elements 0.5592
published_at 2026-04-13T12:55:00Z
10
value 0.00329
scoring_system epss
scoring_elements 0.55957
published_at 2026-04-16T12:55:00Z
11
value 0.00329
scoring_system epss
scoring_elements 0.5596
published_at 2026-04-18T12:55:00Z
12
value 0.00329
scoring_system epss
scoring_elements 0.55934
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1431
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1431
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1tja-ztb9-myhy
9
url VCID-1tp6-v3h3-sfc1
vulnerability_id VCID-1tp6-v3h3-sfc1
summary A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39866
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49504
published_at 2026-04-21T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49439
published_at 2026-04-01T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49467
published_at 2026-04-02T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49494
published_at 2026-04-24T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49447
published_at 2026-04-07T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49502
published_at 2026-04-08T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49497
published_at 2026-04-09T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49514
published_at 2026-04-11T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49486
published_at 2026-04-12T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49488
published_at 2026-04-13T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.49535
published_at 2026-04-16T12:55:00Z
11
value 0.00261
scoring_system epss
scoring_elements 0.49533
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39866
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39866
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1tp6-v3h3-sfc1
10
url VCID-1z31-8t4f-hbes
vulnerability_id VCID-1z31-8t4f-hbes
summary In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39899
reference_id
reference_type
scores
0
value 0.00073
scoring_system epss
scoring_elements 0.21863
published_at 2026-04-24T12:55:00Z
1
value 0.00073
scoring_system epss
scoring_elements 0.22017
published_at 2026-04-01T12:55:00Z
2
value 0.00073
scoring_system epss
scoring_elements 0.22175
published_at 2026-04-02T12:55:00Z
3
value 0.00073
scoring_system epss
scoring_elements 0.22223
published_at 2026-04-04T12:55:00Z
4
value 0.00073
scoring_system epss
scoring_elements 0.22006
published_at 2026-04-07T12:55:00Z
5
value 0.00073
scoring_system epss
scoring_elements 0.22087
published_at 2026-04-08T12:55:00Z
6
value 0.00073
scoring_system epss
scoring_elements 0.22142
published_at 2026-04-09T12:55:00Z
7
value 0.00073
scoring_system epss
scoring_elements 0.2216
published_at 2026-04-11T12:55:00Z
8
value 0.00073
scoring_system epss
scoring_elements 0.22119
published_at 2026-04-12T12:55:00Z
9
value 0.00073
scoring_system epss
scoring_elements 0.22059
published_at 2026-04-13T12:55:00Z
10
value 0.00073
scoring_system epss
scoring_elements 0.22058
published_at 2026-04-16T12:55:00Z
11
value 0.00073
scoring_system epss
scoring_elements 0.22051
published_at 2026-04-18T12:55:00Z
12
value 0.00073
scoring_system epss
scoring_elements 0.22004
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39899
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39899
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1z31-8t4f-hbes
11
url VCID-21su-ba8v-huay
vulnerability_id VCID-21su-ba8v-huay
summary An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22202
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36045
published_at 2026-04-24T12:55:00Z
1
value 0.00156
scoring_system epss
scoring_elements 0.3623
published_at 2026-04-01T12:55:00Z
2
value 0.00156
scoring_system epss
scoring_elements 0.3642
published_at 2026-04-02T12:55:00Z
3
value 0.00156
scoring_system epss
scoring_elements 0.36453
published_at 2026-04-04T12:55:00Z
4
value 0.00156
scoring_system epss
scoring_elements 0.36288
published_at 2026-04-07T12:55:00Z
5
value 0.00156
scoring_system epss
scoring_elements 0.36336
published_at 2026-04-08T12:55:00Z
6
value 0.00156
scoring_system epss
scoring_elements 0.36357
published_at 2026-04-09T12:55:00Z
7
value 0.00156
scoring_system epss
scoring_elements 0.36364
published_at 2026-04-11T12:55:00Z
8
value 0.00156
scoring_system epss
scoring_elements 0.36327
published_at 2026-04-12T12:55:00Z
9
value 0.00156
scoring_system epss
scoring_elements 0.36306
published_at 2026-04-13T12:55:00Z
10
value 0.00156
scoring_system epss
scoring_elements 0.36348
published_at 2026-04-16T12:55:00Z
11
value 0.00156
scoring_system epss
scoring_elements 0.36332
published_at 2026-04-18T12:55:00Z
12
value 0.00156
scoring_system epss
scoring_elements 0.36277
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22202
1
reference_url https://security.archlinux.org/AVG-1770
reference_id AVG-1770
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1770
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22202
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21su-ba8v-huay
12
url VCID-221v-5q8x-5ygz
vulnerability_id VCID-221v-5q8x-5ygz
summary Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access the contents of Project Members-only Wikis via malicious CI jobs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1417
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51503
published_at 2026-04-24T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51419
published_at 2026-04-01T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.5147
published_at 2026-04-02T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51497
published_at 2026-04-04T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51457
published_at 2026-04-07T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.51511
published_at 2026-04-08T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51509
published_at 2026-04-09T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51552
published_at 2026-04-11T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.51531
published_at 2026-04-12T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51519
published_at 2026-04-13T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51563
published_at 2026-04-16T12:55:00Z
11
value 0.00281
scoring_system epss
scoring_elements 0.51571
published_at 2026-04-18T12:55:00Z
12
value 0.00281
scoring_system epss
scoring_elements 0.5155
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1417
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1417
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-221v-5q8x-5ygz
13
url VCID-24mf-t2wp-t7cb
vulnerability_id VCID-24mf-t2wp-t7cb
summary An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed, allowing other maintainers to view the credentials in plain text.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22206
reference_id
reference_type
scores
0
value 0.00116
scoring_system epss
scoring_elements 0.3014
published_at 2026-04-24T12:55:00Z
1
value 0.00116
scoring_system epss
scoring_elements 0.3036
published_at 2026-04-01T12:55:00Z
2
value 0.00116
scoring_system epss
scoring_elements 0.30389
published_at 2026-04-02T12:55:00Z
3
value 0.00116
scoring_system epss
scoring_elements 0.30435
published_at 2026-04-04T12:55:00Z
4
value 0.00116
scoring_system epss
scoring_elements 0.30246
published_at 2026-04-07T12:55:00Z
5
value 0.00116
scoring_system epss
scoring_elements 0.30306
published_at 2026-04-08T12:55:00Z
6
value 0.00116
scoring_system epss
scoring_elements 0.3034
published_at 2026-04-09T12:55:00Z
7
value 0.00116
scoring_system epss
scoring_elements 0.30344
published_at 2026-04-11T12:55:00Z
8
value 0.00116
scoring_system epss
scoring_elements 0.303
published_at 2026-04-12T12:55:00Z
9
value 0.00116
scoring_system epss
scoring_elements 0.30252
published_at 2026-04-13T12:55:00Z
10
value 0.00116
scoring_system epss
scoring_elements 0.30267
published_at 2026-04-16T12:55:00Z
11
value 0.00116
scoring_system epss
scoring_elements 0.30249
published_at 2026-04-18T12:55:00Z
12
value 0.00116
scoring_system epss
scoring_elements 0.30204
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22206
1
reference_url https://security.archlinux.org/ASA-202105-4
reference_id ASA-202105-4
reference_type
scores
url https://security.archlinux.org/ASA-202105-4
2
reference_url https://security.archlinux.org/AVG-1888
reference_id AVG-1888
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1888
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22206
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-24mf-t2wp-t7cb
14
url VCID-2978-z7hp-tked
vulnerability_id VCID-2978-z7hp-tked
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22196
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.40856
published_at 2026-04-24T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.4095
published_at 2026-04-01T12:55:00Z
2
value 0.00191
scoring_system epss
scoring_elements 0.41031
published_at 2026-04-02T12:55:00Z
3
value 0.00191
scoring_system epss
scoring_elements 0.41063
published_at 2026-04-04T12:55:00Z
4
value 0.00191
scoring_system epss
scoring_elements 0.40989
published_at 2026-04-07T12:55:00Z
5
value 0.00191
scoring_system epss
scoring_elements 0.41038
published_at 2026-04-08T12:55:00Z
6
value 0.00191
scoring_system epss
scoring_elements 0.41045
published_at 2026-04-09T12:55:00Z
7
value 0.00191
scoring_system epss
scoring_elements 0.41064
published_at 2026-04-11T12:55:00Z
8
value 0.00191
scoring_system epss
scoring_elements 0.41029
published_at 2026-04-12T12:55:00Z
9
value 0.00191
scoring_system epss
scoring_elements 0.41012
published_at 2026-04-13T12:55:00Z
10
value 0.00191
scoring_system epss
scoring_elements 0.41054
published_at 2026-04-16T12:55:00Z
11
value 0.00191
scoring_system epss
scoring_elements 0.41025
published_at 2026-04-18T12:55:00Z
12
value 0.00191
scoring_system epss
scoring_elements 0.40949
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22196
1
reference_url https://security.archlinux.org/AVG-1770
reference_id AVG-1770
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1770
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22196
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2978-z7hp-tked
15
url VCID-2gxb-vk9m-c3hd
vulnerability_id VCID-2gxb-vk9m-c3hd
summary An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1460
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49448
published_at 2026-04-24T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49396
published_at 2026-04-01T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49424
published_at 2026-04-02T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49451
published_at 2026-04-04T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49404
published_at 2026-04-07T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49459
published_at 2026-04-21T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49454
published_at 2026-04-09T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49472
published_at 2026-04-11T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49443
published_at 2026-04-12T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49445
published_at 2026-04-13T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.49491
published_at 2026-04-16T12:55:00Z
11
value 0.00261
scoring_system epss
scoring_elements 0.49489
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1460
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1460
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gxb-vk9m-c3hd
16
url VCID-2m6v-spsr-vqd9
vulnerability_id VCID-2m6v-spsr-vqd9
summary Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf, leading to potential account takeover.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0427
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30863
published_at 2026-04-01T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30989
published_at 2026-04-02T12:55:00Z
2
value 0.00119
scoring_system epss
scoring_elements 0.31037
published_at 2026-04-04T12:55:00Z
3
value 0.00119
scoring_system epss
scoring_elements 0.30855
published_at 2026-04-07T12:55:00Z
4
value 0.00119
scoring_system epss
scoring_elements 0.30913
published_at 2026-04-08T12:55:00Z
5
value 0.00119
scoring_system epss
scoring_elements 0.30943
published_at 2026-04-09T12:55:00Z
6
value 0.00119
scoring_system epss
scoring_elements 0.30947
published_at 2026-04-11T12:55:00Z
7
value 0.00119
scoring_system epss
scoring_elements 0.30904
published_at 2026-04-12T12:55:00Z
8
value 0.00119
scoring_system epss
scoring_elements 0.30859
published_at 2026-04-13T12:55:00Z
9
value 0.00119
scoring_system epss
scoring_elements 0.30891
published_at 2026-04-16T12:55:00Z
10
value 0.00119
scoring_system epss
scoring_elements 0.3087
published_at 2026-04-18T12:55:00Z
11
value 0.00119
scoring_system epss
scoring_elements 0.30837
published_at 2026-04-21T12:55:00Z
12
value 0.00119
scoring_system epss
scoring_elements 0.30673
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0427
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0427
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m6v-spsr-vqd9
17
url VCID-2smt-c8fa-5qhf
vulnerability_id VCID-2smt-c8fa-5qhf
summary A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39893
reference_id
reference_type
scores
0
value 0.00395
scoring_system epss
scoring_elements 0.60357
published_at 2026-04-24T12:55:00Z
1
value 0.00395
scoring_system epss
scoring_elements 0.60218
published_at 2026-04-01T12:55:00Z
2
value 0.00395
scoring_system epss
scoring_elements 0.60294
published_at 2026-04-02T12:55:00Z
3
value 0.00395
scoring_system epss
scoring_elements 0.60319
published_at 2026-04-04T12:55:00Z
4
value 0.00395
scoring_system epss
scoring_elements 0.60287
published_at 2026-04-07T12:55:00Z
5
value 0.00395
scoring_system epss
scoring_elements 0.60337
published_at 2026-04-08T12:55:00Z
6
value 0.00395
scoring_system epss
scoring_elements 0.60353
published_at 2026-04-09T12:55:00Z
7
value 0.00395
scoring_system epss
scoring_elements 0.60374
published_at 2026-04-11T12:55:00Z
8
value 0.00395
scoring_system epss
scoring_elements 0.6036
published_at 2026-04-12T12:55:00Z
9
value 0.00395
scoring_system epss
scoring_elements 0.60342
published_at 2026-04-13T12:55:00Z
10
value 0.00395
scoring_system epss
scoring_elements 0.60383
published_at 2026-04-16T12:55:00Z
11
value 0.00395
scoring_system epss
scoring_elements 0.60391
published_at 2026-04-18T12:55:00Z
12
value 0.00395
scoring_system epss
scoring_elements 0.6038
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39893
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39893
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2smt-c8fa-5qhf
18
url VCID-2tqx-h18v-kbcg
vulnerability_id VCID-2tqx-h18v-kbcg
summary An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22198
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53323
published_at 2026-04-24T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53244
published_at 2026-04-01T12:55:00Z
2
value 0.003
scoring_system epss
scoring_elements 0.53268
published_at 2026-04-02T12:55:00Z
3
value 0.003
scoring_system epss
scoring_elements 0.53294
published_at 2026-04-04T12:55:00Z
4
value 0.003
scoring_system epss
scoring_elements 0.53262
published_at 2026-04-07T12:55:00Z
5
value 0.003
scoring_system epss
scoring_elements 0.53314
published_at 2026-04-08T12:55:00Z
6
value 0.003
scoring_system epss
scoring_elements 0.53309
published_at 2026-04-09T12:55:00Z
7
value 0.003
scoring_system epss
scoring_elements 0.5336
published_at 2026-04-11T12:55:00Z
8
value 0.003
scoring_system epss
scoring_elements 0.53344
published_at 2026-04-12T12:55:00Z
9
value 0.003
scoring_system epss
scoring_elements 0.53327
published_at 2026-04-13T12:55:00Z
10
value 0.003
scoring_system epss
scoring_elements 0.53365
published_at 2026-04-16T12:55:00Z
11
value 0.003
scoring_system epss
scoring_elements 0.5337
published_at 2026-04-18T12:55:00Z
12
value 0.003
scoring_system epss
scoring_elements 0.53351
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22198
1
reference_url https://security.archlinux.org/AVG-1770
reference_id AVG-1770
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1770
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22198
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2tqx-h18v-kbcg
19
url VCID-2uqd-mtms-fqaw
vulnerability_id VCID-2uqd-mtms-fqaw
summary In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39903
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48802
published_at 2026-04-21T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48729
published_at 2026-04-01T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.48768
published_at 2026-04-02T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.48794
published_at 2026-04-04T12:55:00Z
4
value 0.00254
scoring_system epss
scoring_elements 0.48748
published_at 2026-04-07T12:55:00Z
5
value 0.00254
scoring_system epss
scoring_elements 0.48803
published_at 2026-04-08T12:55:00Z
6
value 0.00254
scoring_system epss
scoring_elements 0.488
published_at 2026-04-09T12:55:00Z
7
value 0.00254
scoring_system epss
scoring_elements 0.48817
published_at 2026-04-11T12:55:00Z
8
value 0.00254
scoring_system epss
scoring_elements 0.48791
published_at 2026-04-24T12:55:00Z
9
value 0.00254
scoring_system epss
scoring_elements 0.48798
published_at 2026-04-13T12:55:00Z
10
value 0.00254
scoring_system epss
scoring_elements 0.48847
published_at 2026-04-16T12:55:00Z
11
value 0.00254
scoring_system epss
scoring_elements 0.48843
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39903
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39903
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2uqd-mtms-fqaw
20
url VCID-2x5t-aj8x-guhs
vulnerability_id VCID-2x5t-aj8x-guhs
summary A potential DoS vulnerability in GitLab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, and all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via specially crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1174
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.632
published_at 2026-04-01T12:55:00Z
1
value 0.00442
scoring_system epss
scoring_elements 0.6326
published_at 2026-04-02T12:55:00Z
2
value 0.00442
scoring_system epss
scoring_elements 0.63289
published_at 2026-04-04T12:55:00Z
3
value 0.00442
scoring_system epss
scoring_elements 0.63254
published_at 2026-04-07T12:55:00Z
4
value 0.00442
scoring_system epss
scoring_elements 0.63305
published_at 2026-04-08T12:55:00Z
5
value 0.00442
scoring_system epss
scoring_elements 0.63323
published_at 2026-04-09T12:55:00Z
6
value 0.00442
scoring_system epss
scoring_elements 0.6334
published_at 2026-04-11T12:55:00Z
7
value 0.00442
scoring_system epss
scoring_elements 0.63324
published_at 2026-04-12T12:55:00Z
8
value 0.00442
scoring_system epss
scoring_elements 0.63288
published_at 2026-04-13T12:55:00Z
9
value 0.00442
scoring_system epss
scoring_elements 0.63325
published_at 2026-04-16T12:55:00Z
10
value 0.00442
scoring_system epss
scoring_elements 0.63332
published_at 2026-04-18T12:55:00Z
11
value 0.00442
scoring_system epss
scoring_elements 0.63312
published_at 2026-04-21T12:55:00Z
12
value 0.00442
scoring_system epss
scoring_elements 0.63331
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1174
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1174
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2x5t-aj8x-guhs
21
url VCID-2znk-pbmh-aufj
vulnerability_id VCID-2znk-pbmh-aufj
summary A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1100
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37666
published_at 2026-04-01T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.37848
published_at 2026-04-02T12:55:00Z
2
value 0.00166
scoring_system epss
scoring_elements 0.37873
published_at 2026-04-04T12:55:00Z
3
value 0.00166
scoring_system epss
scoring_elements 0.37751
published_at 2026-04-07T12:55:00Z
4
value 0.00166
scoring_system epss
scoring_elements 0.37802
published_at 2026-04-08T12:55:00Z
5
value 0.00166
scoring_system epss
scoring_elements 0.37814
published_at 2026-04-09T12:55:00Z
6
value 0.00166
scoring_system epss
scoring_elements 0.37829
published_at 2026-04-11T12:55:00Z
7
value 0.00166
scoring_system epss
scoring_elements 0.37793
published_at 2026-04-12T12:55:00Z
8
value 0.00166
scoring_system epss
scoring_elements 0.37768
published_at 2026-04-13T12:55:00Z
9
value 0.00166
scoring_system epss
scoring_elements 0.37816
published_at 2026-04-16T12:55:00Z
10
value 0.00166
scoring_system epss
scoring_elements 0.37797
published_at 2026-04-18T12:55:00Z
11
value 0.00166
scoring_system epss
scoring_elements 0.37736
published_at 2026-04-21T12:55:00Z
12
value 0.00166
scoring_system epss
scoring_elements 0.37498
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1100
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1100
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2znk-pbmh-aufj
22
url VCID-396g-fjpn-qucv
vulnerability_id VCID-396g-fjpn-qucv
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22201
reference_id
reference_type
scores
0
value 0.0899
scoring_system epss
scoring_elements 0.92632
published_at 2026-04-24T12:55:00Z
1
value 0.0899
scoring_system epss
scoring_elements 0.92579
published_at 2026-04-01T12:55:00Z
2
value 0.0899
scoring_system epss
scoring_elements 0.92584
published_at 2026-04-02T12:55:00Z
3
value 0.0899
scoring_system epss
scoring_elements 0.92591
published_at 2026-04-04T12:55:00Z
4
value 0.0899
scoring_system epss
scoring_elements 0.92592
published_at 2026-04-07T12:55:00Z
5
value 0.0899
scoring_system epss
scoring_elements 0.92603
published_at 2026-04-08T12:55:00Z
6
value 0.0899
scoring_system epss
scoring_elements 0.92608
published_at 2026-04-09T12:55:00Z
7
value 0.0899
scoring_system epss
scoring_elements 0.92614
published_at 2026-04-13T12:55:00Z
8
value 0.0899
scoring_system epss
scoring_elements 0.92627
published_at 2026-04-16T12:55:00Z
9
value 0.0899
scoring_system epss
scoring_elements 0.92626
published_at 2026-04-18T12:55:00Z
10
value 0.0899
scoring_system epss
scoring_elements 0.92629
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22201
1
reference_url https://security.archlinux.org/AVG-1770
reference_id AVG-1770
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1770
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22201
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-396g-fjpn-qucv
23
url VCID-3buj-yj37-mkbs
vulnerability_id VCID-3buj-yj37-mkbs
summary An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22199
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.38002
published_at 2026-04-24T12:55:00Z
1
value 0.0017
scoring_system epss
scoring_elements 0.38161
published_at 2026-04-01T12:55:00Z
2
value 0.0017
scoring_system epss
scoring_elements 0.38298
published_at 2026-04-02T12:55:00Z
3
value 0.0017
scoring_system epss
scoring_elements 0.38321
published_at 2026-04-04T12:55:00Z
4
value 0.0017
scoring_system epss
scoring_elements 0.3819
published_at 2026-04-07T12:55:00Z
5
value 0.0017
scoring_system epss
scoring_elements 0.3824
published_at 2026-04-08T12:55:00Z
6
value 0.0017
scoring_system epss
scoring_elements 0.38248
published_at 2026-04-09T12:55:00Z
7
value 0.0017
scoring_system epss
scoring_elements 0.38267
published_at 2026-04-11T12:55:00Z
8
value 0.0017
scoring_system epss
scoring_elements 0.38231
published_at 2026-04-12T12:55:00Z
9
value 0.0017
scoring_system epss
scoring_elements 0.38207
published_at 2026-04-13T12:55:00Z
10
value 0.0017
scoring_system epss
scoring_elements 0.38254
published_at 2026-04-16T12:55:00Z
11
value 0.0017
scoring_system epss
scoring_elements 0.38234
published_at 2026-04-18T12:55:00Z
12
value 0.0017
scoring_system epss
scoring_elements 0.38166
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22199
1
reference_url https://security.archlinux.org/AVG-1770
reference_id AVG-1770
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1770
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22199
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3buj-yj37-mkbs
24
url VCID-3ejs-8115-83df
vulnerability_id VCID-3ejs-8115-83df
summary An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3280
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37522
published_at 2026-04-24T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.37853
published_at 2026-04-11T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.37817
published_at 2026-04-12T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37791
published_at 2026-04-13T12:55:00Z
4
value 0.00167
scoring_system epss
scoring_elements 0.37819
published_at 2026-04-18T12:55:00Z
5
value 0.00167
scoring_system epss
scoring_elements 0.37759
published_at 2026-04-21T12:55:00Z
6
value 0.00167
scoring_system epss
scoring_elements 0.37871
published_at 2026-04-02T12:55:00Z
7
value 0.00167
scoring_system epss
scoring_elements 0.37896
published_at 2026-04-04T12:55:00Z
8
value 0.00167
scoring_system epss
scoring_elements 0.37774
published_at 2026-04-07T12:55:00Z
9
value 0.00167
scoring_system epss
scoring_elements 0.37825
published_at 2026-04-08T12:55:00Z
10
value 0.00167
scoring_system epss
scoring_elements 0.37838
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3280
1
reference_url https://hackerone.com/reports/1475686
reference_id 1475686
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:07Z/
url https://hackerone.com/reports/1475686
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/352611
reference_id 352611
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:07Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/352611
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3280.json
reference_id CVE-2022-3280.json
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:07Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3280.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3280
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ejs-8115-83df
25
url VCID-3gk7-f7rw-s3bt
vulnerability_id VCID-3gk7-f7rw-s3bt
summary An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22220
reference_id
reference_type
scores
0
value 0.0015
scoring_system epss
scoring_elements 0.35278
published_at 2026-04-24T12:55:00Z
1
value 0.0015
scoring_system epss
scoring_elements 0.35418
published_at 2026-04-01T12:55:00Z
2
value 0.0015
scoring_system epss
scoring_elements 0.35618
published_at 2026-04-02T12:55:00Z
3
value 0.0015
scoring_system epss
scoring_elements 0.35643
published_at 2026-04-04T12:55:00Z
4
value 0.0015
scoring_system epss
scoring_elements 0.35525
published_at 2026-04-07T12:55:00Z
5
value 0.0015
scoring_system epss
scoring_elements 0.35571
published_at 2026-04-08T12:55:00Z
6
value 0.0015
scoring_system epss
scoring_elements 0.35595
published_at 2026-04-09T12:55:00Z
7
value 0.0015
scoring_system epss
scoring_elements 0.35605
published_at 2026-04-11T12:55:00Z
8
value 0.0015
scoring_system epss
scoring_elements 0.35561
published_at 2026-04-12T12:55:00Z
9
value 0.0015
scoring_system epss
scoring_elements 0.35538
published_at 2026-04-13T12:55:00Z
10
value 0.0015
scoring_system epss
scoring_elements 0.35577
published_at 2026-04-16T12:55:00Z
11
value 0.0015
scoring_system epss
scoring_elements 0.35567
published_at 2026-04-18T12:55:00Z
12
value 0.0015
scoring_system epss
scoring_elements 0.35516
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22220
1
reference_url https://security.archlinux.org/ASA-202106-21
reference_id ASA-202106-21
reference_type
scores
url https://security.archlinux.org/ASA-202106-21
2
reference_url https://security.archlinux.org/AVG-2023
reference_id AVG-2023
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2023
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22220
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gk7-f7rw-s3bt
26
url VCID-3gr5-39vn-rkdp
vulnerability_id VCID-3gr5-39vn-rkdp
summary Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22177
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37409
published_at 2026-04-01T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37574
published_at 2026-04-02T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37598
published_at 2026-04-04T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37475
published_at 2026-04-07T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37526
published_at 2026-04-08T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.37539
published_at 2026-04-09T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37553
published_at 2026-04-11T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.37518
published_at 2026-04-12T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.37491
published_at 2026-04-13T12:55:00Z
9
value 0.00165
scoring_system epss
scoring_elements 0.37538
published_at 2026-04-16T12:55:00Z
10
value 0.00165
scoring_system epss
scoring_elements 0.3752
published_at 2026-04-18T12:55:00Z
11
value 0.00165
scoring_system epss
scoring_elements 0.37455
published_at 2026-04-21T12:55:00Z
12
value 0.00165
scoring_system epss
scoring_elements 0.37236
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22177
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22177
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gr5-39vn-rkdp
27
url VCID-3hda-k2mb-hkad
vulnerability_id VCID-3hda-k2mb-hkad
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service was possible by sending crafted payloads to the preview_markdown endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2132
reference_id
reference_type
scores
0
value 0.01433
scoring_system epss
scoring_elements 0.80732
published_at 2026-04-24T12:55:00Z
1
value 0.01433
scoring_system epss
scoring_elements 0.80692
published_at 2026-04-11T12:55:00Z
2
value 0.01433
scoring_system epss
scoring_elements 0.80679
published_at 2026-04-12T12:55:00Z
3
value 0.01433
scoring_system epss
scoring_elements 0.80671
published_at 2026-04-13T12:55:00Z
4
value 0.01433
scoring_system epss
scoring_elements 0.80706
published_at 2026-04-18T12:55:00Z
5
value 0.01433
scoring_system epss
scoring_elements 0.80709
published_at 2026-04-21T12:55:00Z
6
value 0.01433
scoring_system epss
scoring_elements 0.80622
published_at 2026-04-02T12:55:00Z
7
value 0.01433
scoring_system epss
scoring_elements 0.80644
published_at 2026-04-04T12:55:00Z
8
value 0.01433
scoring_system epss
scoring_elements 0.80639
published_at 2026-04-07T12:55:00Z
9
value 0.01433
scoring_system epss
scoring_elements 0.80667
published_at 2026-04-08T12:55:00Z
10
value 0.01433
scoring_system epss
scoring_elements 0.80676
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2132
1
reference_url https://hackerone.com/reports/1934711
reference_id 1934711
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:33:44Z/
url https://hackerone.com/reports/1934711
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/407586
reference_id 407586
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:33:44Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/407586
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2132.json
reference_id CVE-2023-2132.json
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:33:44Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2132.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2132
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hda-k2mb-hkad
28
url VCID-3kdp-3q1x-buh8
vulnerability_id VCID-3kdp-3q1x-buh8
summary A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22260
reference_id
reference_type
scores
0
value 0.0016
scoring_system epss
scoring_elements 0.36865
published_at 2026-04-01T12:55:00Z
1
value 0.0016
scoring_system epss
scoring_elements 0.37035
published_at 2026-04-02T12:55:00Z
2
value 0.0016
scoring_system epss
scoring_elements 0.37068
published_at 2026-04-04T12:55:00Z
3
value 0.0016
scoring_system epss
scoring_elements 0.36896
published_at 2026-04-07T12:55:00Z
4
value 0.0016
scoring_system epss
scoring_elements 0.36947
published_at 2026-04-08T12:55:00Z
5
value 0.0016
scoring_system epss
scoring_elements 0.36959
published_at 2026-04-09T12:55:00Z
6
value 0.0016
scoring_system epss
scoring_elements 0.36968
published_at 2026-04-11T12:55:00Z
7
value 0.0016
scoring_system epss
scoring_elements 0.36933
published_at 2026-04-12T12:55:00Z
8
value 0.0016
scoring_system epss
scoring_elements 0.36908
published_at 2026-04-13T12:55:00Z
9
value 0.0016
scoring_system epss
scoring_elements 0.36953
published_at 2026-04-16T12:55:00Z
10
value 0.0016
scoring_system epss
scoring_elements 0.36936
published_at 2026-04-18T12:55:00Z
11
value 0.0016
scoring_system epss
scoring_elements 0.36877
published_at 2026-04-21T12:55:00Z
12
value 0.0016
scoring_system epss
scoring_elements 0.3665
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22260
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22260
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kdp-3q1x-buh8
29
url VCID-3ks6-33qp-nybx
vulnerability_id VCID-3ks6-33qp-nybx
summary A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22246
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.44952
published_at 2026-04-01T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.45033
published_at 2026-04-02T12:55:00Z
2
value 0.00223
scoring_system epss
scoring_elements 0.45056
published_at 2026-04-04T12:55:00Z
3
value 0.00223
scoring_system epss
scoring_elements 0.44999
published_at 2026-04-07T12:55:00Z
4
value 0.00223
scoring_system epss
scoring_elements 0.4505
published_at 2026-04-08T12:55:00Z
5
value 0.00223
scoring_system epss
scoring_elements 0.45051
published_at 2026-04-09T12:55:00Z
6
value 0.00223
scoring_system epss
scoring_elements 0.45074
published_at 2026-04-11T12:55:00Z
7
value 0.00223
scoring_system epss
scoring_elements 0.45042
published_at 2026-04-12T12:55:00Z
8
value 0.00223
scoring_system epss
scoring_elements 0.45044
published_at 2026-04-13T12:55:00Z
9
value 0.00223
scoring_system epss
scoring_elements 0.45093
published_at 2026-04-16T12:55:00Z
10
value 0.00223
scoring_system epss
scoring_elements 0.45087
published_at 2026-04-18T12:55:00Z
11
value 0.00223
scoring_system epss
scoring_elements 0.45038
published_at 2026-04-21T12:55:00Z
12
value 0.00223
scoring_system epss
scoring_elements 0.4495
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22246
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22246
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ks6-33qp-nybx
30
url VCID-3sz1-hdfk-rkgd
vulnerability_id VCID-3sz1-hdfk-rkgd
summary It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3330
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.36933
published_at 2026-04-24T12:55:00Z
1
value 0.00163
scoring_system epss
scoring_elements 0.37232
published_at 2026-04-16T12:55:00Z
2
value 0.00163
scoring_system epss
scoring_elements 0.37215
published_at 2026-04-18T12:55:00Z
3
value 0.00163
scoring_system epss
scoring_elements 0.37158
published_at 2026-04-21T12:55:00Z
4
value 0.00163
scoring_system epss
scoring_elements 0.37317
published_at 2026-04-02T12:55:00Z
5
value 0.00163
scoring_system epss
scoring_elements 0.37342
published_at 2026-04-04T12:55:00Z
6
value 0.00163
scoring_system epss
scoring_elements 0.3717
published_at 2026-04-07T12:55:00Z
7
value 0.00163
scoring_system epss
scoring_elements 0.37222
published_at 2026-04-08T12:55:00Z
8
value 0.00163
scoring_system epss
scoring_elements 0.37236
published_at 2026-04-09T12:55:00Z
9
value 0.00163
scoring_system epss
scoring_elements 0.37246
published_at 2026-04-11T12:55:00Z
10
value 0.00163
scoring_system epss
scoring_elements 0.37212
published_at 2026-04-12T12:55:00Z
11
value 0.00163
scoring_system epss
scoring_elements 0.37186
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3330
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/365827
reference_id 365827
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:17:40Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/365827
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3330.json
reference_id CVE-2022-3330.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:17:40Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3330.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3330
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sz1-hdfk-rkgd
31
url VCID-3szm-mdpf-6ua7
vulnerability_id VCID-3szm-mdpf-6ua7
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2534
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.43968
published_at 2026-04-24T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.44056
published_at 2026-04-02T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44079
published_at 2026-04-11T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.4401
published_at 2026-04-07T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.44062
published_at 2026-04-08T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.44064
published_at 2026-04-09T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.44047
published_at 2026-04-12T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.44031
published_at 2026-04-13T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.44092
published_at 2026-04-16T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.44083
published_at 2026-04-18T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44017
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2534
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2534
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3szm-mdpf-6ua7
32
url VCID-3wq9-j84d-kucf
vulnerability_id VCID-3wq9-j84d-kucf
summary Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1935
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34355
published_at 2026-04-01T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.34673
published_at 2026-04-02T12:55:00Z
2
value 0.00143
scoring_system epss
scoring_elements 0.34699
published_at 2026-04-04T12:55:00Z
3
value 0.00143
scoring_system epss
scoring_elements 0.34568
published_at 2026-04-07T12:55:00Z
4
value 0.00143
scoring_system epss
scoring_elements 0.34611
published_at 2026-04-08T12:55:00Z
5
value 0.00143
scoring_system epss
scoring_elements 0.34641
published_at 2026-04-09T12:55:00Z
6
value 0.00143
scoring_system epss
scoring_elements 0.34643
published_at 2026-04-11T12:55:00Z
7
value 0.00143
scoring_system epss
scoring_elements 0.34604
published_at 2026-04-12T12:55:00Z
8
value 0.00143
scoring_system epss
scoring_elements 0.34581
published_at 2026-04-13T12:55:00Z
9
value 0.00143
scoring_system epss
scoring_elements 0.34619
published_at 2026-04-16T12:55:00Z
10
value 0.00143
scoring_system epss
scoring_elements 0.34605
published_at 2026-04-18T12:55:00Z
11
value 0.00143
scoring_system epss
scoring_elements 0.34566
published_at 2026-04-21T12:55:00Z
12
value 0.00143
scoring_system epss
scoring_elements 0.34209
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1935
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1935
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wq9-j84d-kucf
33
url VCID-3zax-7j7d-f7d1
vulnerability_id VCID-3zax-7j7d-f7d1
summary Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2251
reference_id
reference_type
scores
0
value 0.022
scoring_system epss
scoring_elements 0.84469
published_at 2026-04-24T12:55:00Z
1
value 0.022
scoring_system epss
scoring_elements 0.84429
published_at 2026-04-11T12:55:00Z
2
value 0.022
scoring_system epss
scoring_elements 0.84423
published_at 2026-04-12T12:55:00Z
3
value 0.022
scoring_system epss
scoring_elements 0.84419
published_at 2026-04-13T12:55:00Z
4
value 0.022
scoring_system epss
scoring_elements 0.84442
published_at 2026-04-18T12:55:00Z
5
value 0.022
scoring_system epss
scoring_elements 0.84443
published_at 2026-04-21T12:55:00Z
6
value 0.022
scoring_system epss
scoring_elements 0.84361
published_at 2026-04-02T12:55:00Z
7
value 0.022
scoring_system epss
scoring_elements 0.84382
published_at 2026-04-04T12:55:00Z
8
value 0.022
scoring_system epss
scoring_elements 0.84384
published_at 2026-04-07T12:55:00Z
9
value 0.022
scoring_system epss
scoring_elements 0.84406
published_at 2026-04-08T12:55:00Z
10
value 0.022
scoring_system epss
scoring_elements 0.84411
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2251
1
reference_url https://hackerone.com/reports/1063511
reference_id 1063511
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-08T18:20:33Z/
url https://hackerone.com/reports/1063511
2
reference_url https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386
reference_id 27386
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-08T18:20:33Z/
url https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json
reference_id CVE-2022-2251.json
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-08T18:20:33Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2251
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3zax-7j7d-f7d1
34
url VCID-4pa9-gyq6-u7ht
vulnerability_id VCID-4pa9-gyq6-u7ht
summary In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39896
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41467
published_at 2026-04-24T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.4155
published_at 2026-04-01T12:55:00Z
2
value 0.00197
scoring_system epss
scoring_elements 0.41638
published_at 2026-04-02T12:55:00Z
3
value 0.00197
scoring_system epss
scoring_elements 0.41666
published_at 2026-04-04T12:55:00Z
4
value 0.00197
scoring_system epss
scoring_elements 0.41593
published_at 2026-04-07T12:55:00Z
5
value 0.00197
scoring_system epss
scoring_elements 0.41643
published_at 2026-04-12T12:55:00Z
6
value 0.00197
scoring_system epss
scoring_elements 0.41652
published_at 2026-04-09T12:55:00Z
7
value 0.00197
scoring_system epss
scoring_elements 0.41675
published_at 2026-04-11T12:55:00Z
8
value 0.00197
scoring_system epss
scoring_elements 0.41628
published_at 2026-04-13T12:55:00Z
9
value 0.00197
scoring_system epss
scoring_elements 0.41676
published_at 2026-04-16T12:55:00Z
10
value 0.00197
scoring_system epss
scoring_elements 0.41649
published_at 2026-04-18T12:55:00Z
11
value 0.00197
scoring_system epss
scoring_elements 0.41574
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39896
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39896
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4pa9-gyq6-u7ht
35
url VCID-4vc7-t55g-n7c4
vulnerability_id VCID-4vc7-t55g-n7c4
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3483
reference_id
reference_type
scores
0
value 0.0033
scoring_system epss
scoring_elements 0.55919
published_at 2026-04-24T12:55:00Z
1
value 0.0033
scoring_system epss
scoring_elements 0.55998
published_at 2026-04-12T12:55:00Z
2
value 0.0033
scoring_system epss
scoring_elements 0.5598
published_at 2026-04-13T12:55:00Z
3
value 0.0033
scoring_system epss
scoring_elements 0.56016
published_at 2026-04-16T12:55:00Z
4
value 0.0033
scoring_system epss
scoring_elements 0.56019
published_at 2026-04-18T12:55:00Z
5
value 0.0033
scoring_system epss
scoring_elements 0.55993
published_at 2026-04-21T12:55:00Z
6
value 0.0033
scoring_system epss
scoring_elements 0.55954
published_at 2026-04-02T12:55:00Z
7
value 0.0033
scoring_system epss
scoring_elements 0.55975
published_at 2026-04-04T12:55:00Z
8
value 0.0033
scoring_system epss
scoring_elements 0.55953
published_at 2026-04-07T12:55:00Z
9
value 0.0033
scoring_system epss
scoring_elements 0.56004
published_at 2026-04-08T12:55:00Z
10
value 0.0033
scoring_system epss
scoring_elements 0.56007
published_at 2026-04-09T12:55:00Z
11
value 0.0033
scoring_system epss
scoring_elements 0.56018
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3483
1
reference_url https://hackerone.com/reports/1724402
reference_id 1724402
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:28:33Z/
url https://hackerone.com/reports/1724402
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/377799
reference_id 377799
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:28:33Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/377799
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3483.json
reference_id CVE-2022-3483.json
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:28:33Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3483.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3483
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4vc7-t55g-n7c4
36
url VCID-4xj4-ekjd-6yc4
vulnerability_id VCID-4xj4-ekjd-6yc4
summary An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code; victims who clone or download these repositories will execute arbitrary code on their systems.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0756
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44555
published_at 2026-04-24T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.44692
published_at 2026-04-11T12:55:00Z
2
value 0.0022
scoring_system epss
scoring_elements 0.44662
published_at 2026-04-13T12:55:00Z
3
value 0.0022
scoring_system epss
scoring_elements 0.44718
published_at 2026-04-16T12:55:00Z
4
value 0.0022
scoring_system epss
scoring_elements 0.44711
published_at 2026-04-18T12:55:00Z
5
value 0.0022
scoring_system epss
scoring_elements 0.44641
published_at 2026-04-21T12:55:00Z
6
value 0.0022
scoring_system epss
scoring_elements 0.44664
published_at 2026-04-02T12:55:00Z
7
value 0.0022
scoring_system epss
scoring_elements 0.44685
published_at 2026-04-04T12:55:00Z
8
value 0.0022
scoring_system epss
scoring_elements 0.44622
published_at 2026-04-07T12:55:00Z
9
value 0.0022
scoring_system epss
scoring_elements 0.44673
published_at 2026-04-08T12:55:00Z
10
value 0.0022
scoring_system epss
scoring_elements 0.44675
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0756
1
reference_url https://hackerone.com/reports/1864278
reference_id 1864278
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:08:01Z/
url https://hackerone.com/reports/1864278
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/390910
reference_id 390910
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:08:01Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/390910
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0756.json
reference_id CVE-2023-0756.json
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:08:01Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0756.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0756
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4xj4-ekjd-6yc4
37
url VCID-4xun-1v5s-uqbt
vulnerability_id VCID-4xun-1v5s-uqbt
summary An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1433
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45265
published_at 2026-04-24T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45264
published_at 2026-04-01T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45346
published_at 2026-04-02T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45366
published_at 2026-04-09T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45309
published_at 2026-04-07T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.45364
published_at 2026-04-08T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45387
published_at 2026-04-11T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.45356
published_at 2026-04-12T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45357
published_at 2026-04-13T12:55:00Z
9
value 0.00226
scoring_system epss
scoring_elements 0.45409
published_at 2026-04-16T12:55:00Z
10
value 0.00226
scoring_system epss
scoring_elements 0.45404
published_at 2026-04-18T12:55:00Z
11
value 0.00226
scoring_system epss
scoring_elements 0.45354
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1433
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1433
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4xun-1v5s-uqbt
38
url VCID-54ws-nrwe-wucv
vulnerability_id VCID-54ws-nrwe-wucv
summary In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39898
reference_id
reference_type
scores
0
value 0.00301
scoring_system epss
scoring_elements 0.53382
published_at 2026-04-24T12:55:00Z
1
value 0.00301
scoring_system epss
scoring_elements 0.53302
published_at 2026-04-01T12:55:00Z
2
value 0.00301
scoring_system epss
scoring_elements 0.53325
published_at 2026-04-02T12:55:00Z
3
value 0.00301
scoring_system epss
scoring_elements 0.53351
published_at 2026-04-04T12:55:00Z
4
value 0.00301
scoring_system epss
scoring_elements 0.53321
published_at 2026-04-07T12:55:00Z
5
value 0.00301
scoring_system epss
scoring_elements 0.53373
published_at 2026-04-08T12:55:00Z
6
value 0.00301
scoring_system epss
scoring_elements 0.53367
published_at 2026-04-09T12:55:00Z
7
value 0.00301
scoring_system epss
scoring_elements 0.53419
published_at 2026-04-11T12:55:00Z
8
value 0.00301
scoring_system epss
scoring_elements 0.53403
published_at 2026-04-12T12:55:00Z
9
value 0.00301
scoring_system epss
scoring_elements 0.53387
published_at 2026-04-13T12:55:00Z
10
value 0.00301
scoring_system epss
scoring_elements 0.53424
published_at 2026-04-16T12:55:00Z
11
value 0.00301
scoring_system epss
scoring_elements 0.5343
published_at 2026-04-18T12:55:00Z
12
value 0.00301
scoring_system epss
scoring_elements 0.5341
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39898
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39898
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54ws-nrwe-wucv
39
url VCID-55t2-2xm4-eqdt
vulnerability_id VCID-55t2-2xm4-eqdt
summary In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39891
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29786
published_at 2026-04-24T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.30008
published_at 2026-04-11T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.30047
published_at 2026-04-02T12:55:00Z
3
value 0.00114
scoring_system epss
scoring_elements 0.30093
published_at 2026-04-04T12:55:00Z
4
value 0.00114
scoring_system epss
scoring_elements 0.29906
published_at 2026-04-07T12:55:00Z
5
value 0.00114
scoring_system epss
scoring_elements 0.29968
published_at 2026-04-08T12:55:00Z
6
value 0.00114
scoring_system epss
scoring_elements 0.30003
published_at 2026-04-09T12:55:00Z
7
value 0.00114
scoring_system epss
scoring_elements 0.29962
published_at 2026-04-12T12:55:00Z
8
value 0.00114
scoring_system epss
scoring_elements 0.29913
published_at 2026-04-13T12:55:00Z
9
value 0.00114
scoring_system epss
scoring_elements 0.29931
published_at 2026-04-16T12:55:00Z
10
value 0.00114
scoring_system epss
scoring_elements 0.2991
published_at 2026-04-18T12:55:00Z
11
value 0.00114
scoring_system epss
scoring_elements 0.29864
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39891
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39891
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55t2-2xm4-eqdt
40
url VCID-55tn-dhah-8fak
vulnerability_id VCID-55tn-dhah-8fak
summary A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22224
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59061
published_at 2026-04-24T12:55:00Z
1
value 0.00374
scoring_system epss
scoring_elements 0.58961
published_at 2026-04-01T12:55:00Z
2
value 0.00374
scoring_system epss
scoring_elements 0.59036
published_at 2026-04-02T12:55:00Z
3
value 0.00374
scoring_system epss
scoring_elements 0.59058
published_at 2026-04-04T12:55:00Z
4
value 0.00374
scoring_system epss
scoring_elements 0.59023
published_at 2026-04-07T12:55:00Z
5
value 0.00374
scoring_system epss
scoring_elements 0.59074
published_at 2026-04-08T12:55:00Z
6
value 0.00374
scoring_system epss
scoring_elements 0.5908
published_at 2026-04-21T12:55:00Z
7
value 0.00374
scoring_system epss
scoring_elements 0.59099
published_at 2026-04-11T12:55:00Z
8
value 0.00374
scoring_system epss
scoring_elements 0.59081
published_at 2026-04-12T12:55:00Z
9
value 0.00374
scoring_system epss
scoring_elements 0.59062
published_at 2026-04-13T12:55:00Z
10
value 0.00374
scoring_system epss
scoring_elements 0.59097
published_at 2026-04-16T12:55:00Z
11
value 0.00374
scoring_system epss
scoring_elements 0.59101
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22224
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22224
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55tn-dhah-8fak
41
url VCID-55xy-kgmw-wkhz
vulnerability_id VCID-55xy-kgmw-wkhz
summary An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2229
reference_id
reference_type
scores
0
value 0.00216
scoring_system epss
scoring_elements 0.44193
published_at 2026-04-02T12:55:00Z
1
value 0.00216
scoring_system epss
scoring_elements 0.44216
published_at 2026-04-04T12:55:00Z
2
value 0.00216
scoring_system epss
scoring_elements 0.44148
published_at 2026-04-07T12:55:00Z
3
value 0.00216
scoring_system epss
scoring_elements 0.44199
published_at 2026-04-08T12:55:00Z
4
value 0.00216
scoring_system epss
scoring_elements 0.44203
published_at 2026-04-09T12:55:00Z
5
value 0.00216
scoring_system epss
scoring_elements 0.44219
published_at 2026-04-11T12:55:00Z
6
value 0.00216
scoring_system epss
scoring_elements 0.44186
published_at 2026-04-13T12:55:00Z
7
value 0.00216
scoring_system epss
scoring_elements 0.44247
published_at 2026-04-16T12:55:00Z
8
value 0.00216
scoring_system epss
scoring_elements 0.44237
published_at 2026-04-18T12:55:00Z
9
value 0.00216
scoring_system epss
scoring_elements 0.44166
published_at 2026-04-21T12:55:00Z
10
value 0.00216
scoring_system epss
scoring_elements 0.4409
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2229
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2229
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55xy-kgmw-wkhz
42
url VCID-58qy-wsd7-c7gc
vulnerability_id VCID-58qy-wsd7-c7gc
summary An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0154
reference_id
reference_type
scores
0
value 0.00134
scoring_system epss
scoring_elements 0.33023
published_at 2026-04-01T12:55:00Z
1
value 0.00134
scoring_system epss
scoring_elements 0.33154
published_at 2026-04-02T12:55:00Z
2
value 0.00134
scoring_system epss
scoring_elements 0.33187
published_at 2026-04-04T12:55:00Z
3
value 0.00134
scoring_system epss
scoring_elements 0.33017
published_at 2026-04-07T12:55:00Z
4
value 0.00134
scoring_system epss
scoring_elements 0.33061
published_at 2026-04-08T12:55:00Z
5
value 0.00134
scoring_system epss
scoring_elements 0.33092
published_at 2026-04-09T12:55:00Z
6
value 0.00134
scoring_system epss
scoring_elements 0.33094
published_at 2026-04-11T12:55:00Z
7
value 0.00134
scoring_system epss
scoring_elements 0.33056
published_at 2026-04-12T12:55:00Z
8
value 0.00134
scoring_system epss
scoring_elements 0.33032
published_at 2026-04-13T12:55:00Z
9
value 0.00134
scoring_system epss
scoring_elements 0.33074
published_at 2026-04-16T12:55:00Z
10
value 0.00134
scoring_system epss
scoring_elements 0.33051
published_at 2026-04-18T12:55:00Z
11
value 0.00134
scoring_system epss
scoring_elements 0.33012
published_at 2026-04-21T12:55:00Z
12
value 0.00134
scoring_system epss
scoring_elements 0.32866
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0154
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0154
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58qy-wsd7-c7gc
43
url VCID-58sz-3zn5-qbh4
vulnerability_id VCID-58sz-3zn5-qbh4
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2485
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37501
published_at 2026-04-24T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.37817
published_at 2026-04-09T12:55:00Z
2
value 0.00166
scoring_system epss
scoring_elements 0.37832
published_at 2026-04-11T12:55:00Z
3
value 0.00166
scoring_system epss
scoring_elements 0.37796
published_at 2026-04-12T12:55:00Z
4
value 0.00166
scoring_system epss
scoring_elements 0.37771
published_at 2026-04-13T12:55:00Z
5
value 0.00166
scoring_system epss
scoring_elements 0.37819
published_at 2026-04-16T12:55:00Z
6
value 0.00166
scoring_system epss
scoring_elements 0.37799
published_at 2026-04-18T12:55:00Z
7
value 0.00166
scoring_system epss
scoring_elements 0.37739
published_at 2026-04-21T12:55:00Z
8
value 0.00166
scoring_system epss
scoring_elements 0.37875
published_at 2026-04-04T12:55:00Z
9
value 0.00166
scoring_system epss
scoring_elements 0.37754
published_at 2026-04-07T12:55:00Z
10
value 0.00166
scoring_system epss
scoring_elements 0.37805
published_at 2026-04-08T12:55:00Z
11
value 0.00196
scoring_system epss
scoring_elements 0.41584
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2485
1
reference_url https://hackerone.com/reports/1934811
reference_id 1934811
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T15:44:06Z/
url https://hackerone.com/reports/1934811
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/407830
reference_id 407830
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T15:44:06Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/407830
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2485.json
reference_id CVE-2023-2485.json
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T15:44:06Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2485.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2485
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58sz-3zn5-qbh4
44
url VCID-5dp5-a23a-yuex
vulnerability_id VCID-5dp5-a23a-yuex
summary An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after the invited group, which the member was part of, is deleted.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22264
reference_id
reference_type
scores
0
value 0.00142
scoring_system epss
scoring_elements 0.34174
published_at 2026-04-01T12:55:00Z
1
value 0.00142
scoring_system epss
scoring_elements 0.34512
published_at 2026-04-02T12:55:00Z
2
value 0.00142
scoring_system epss
scoring_elements 0.3454
published_at 2026-04-04T12:55:00Z
3
value 0.00142
scoring_system epss
scoring_elements 0.34408
published_at 2026-04-07T12:55:00Z
4
value 0.00142
scoring_system epss
scoring_elements 0.3445
published_at 2026-04-08T12:55:00Z
5
value 0.00142
scoring_system epss
scoring_elements 0.34479
published_at 2026-04-09T12:55:00Z
6
value 0.00142
scoring_system epss
scoring_elements 0.34481
published_at 2026-04-11T12:55:00Z
7
value 0.00142
scoring_system epss
scoring_elements 0.34442
published_at 2026-04-12T12:55:00Z
8
value 0.00142
scoring_system epss
scoring_elements 0.34418
published_at 2026-04-13T12:55:00Z
9
value 0.00142
scoring_system epss
scoring_elements 0.34453
published_at 2026-04-16T12:55:00Z
10
value 0.00142
scoring_system epss
scoring_elements 0.34439
published_at 2026-04-18T12:55:00Z
11
value 0.00142
scoring_system epss
scoring_elements 0.344
published_at 2026-04-21T12:55:00Z
12
value 0.00142
scoring_system epss
scoring_elements 0.34028
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22264
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22264
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5dp5-a23a-yuex
45
url VCID-5sn3-16ru-d7g8
vulnerability_id VCID-5sn3-16ru-d7g8
summary A blind SSRF in GitLab CE/EE affecting all versions from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4201
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28194
published_at 2026-04-24T12:55:00Z
1
value 0.00104
scoring_system epss
scoring_elements 0.28358
published_at 2026-04-16T12:55:00Z
2
value 0.00104
scoring_system epss
scoring_elements 0.28336
published_at 2026-04-18T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.2829
published_at 2026-04-21T12:55:00Z
4
value 0.00104
scoring_system epss
scoring_elements 0.28498
published_at 2026-04-02T12:55:00Z
5
value 0.00104
scoring_system epss
scoring_elements 0.28541
published_at 2026-04-04T12:55:00Z
6
value 0.00104
scoring_system epss
scoring_elements 0.28337
published_at 2026-04-07T12:55:00Z
7
value 0.00104
scoring_system epss
scoring_elements 0.28403
published_at 2026-04-08T12:55:00Z
8
value 0.00104
scoring_system epss
scoring_elements 0.28445
published_at 2026-04-09T12:55:00Z
9
value 0.00104
scoring_system epss
scoring_elements 0.28448
published_at 2026-04-11T12:55:00Z
10
value 0.00104
scoring_system epss
scoring_elements 0.28405
published_at 2026-04-12T12:55:00Z
11
value 0.00104
scoring_system epss
scoring_elements 0.28347
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4201
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/30376
reference_id 30376
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:20:53Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/30376
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4201.json
reference_id CVE-2022-4201.json
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:20:53Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4201.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4201
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5sn3-16ru-d7g8
46
url VCID-5t99-3qbr-sfdj
vulnerability_id VCID-5t99-3qbr-sfdj
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc.) was susceptible to catastrophic backtracking that could cause a DoS attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39933
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.4058
published_at 2026-04-24T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.4068
published_at 2026-04-01T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40764
published_at 2026-04-02T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.40791
published_at 2026-04-11T12:55:00Z
4
value 0.00189
scoring_system epss
scoring_elements 0.40715
published_at 2026-04-07T12:55:00Z
5
value 0.00189
scoring_system epss
scoring_elements 0.40765
published_at 2026-04-08T12:55:00Z
6
value 0.00189
scoring_system epss
scoring_elements 0.40772
published_at 2026-04-09T12:55:00Z
7
value 0.00189
scoring_system epss
scoring_elements 0.40757
published_at 2026-04-12T12:55:00Z
8
value 0.00189
scoring_system epss
scoring_elements 0.40738
published_at 2026-04-13T12:55:00Z
9
value 0.00189
scoring_system epss
scoring_elements 0.40783
published_at 2026-04-16T12:55:00Z
10
value 0.00189
scoring_system epss
scoring_elements 0.40753
published_at 2026-04-18T12:55:00Z
11
value 0.00189
scoring_system epss
scoring_elements 0.40675
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39933
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39933
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5t99-3qbr-sfdj
47
url VCID-5w9b-xtnz-dygc
vulnerability_id VCID-5w9b-xtnz-dygc
summary An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22184
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.2169
published_at 2026-04-01T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.21856
published_at 2026-04-02T12:55:00Z
2
value 0.00071
scoring_system epss
scoring_elements 0.2191
published_at 2026-04-04T12:55:00Z
3
value 0.00071
scoring_system epss
scoring_elements 0.21677
published_at 2026-04-07T12:55:00Z
4
value 0.00071
scoring_system epss
scoring_elements 0.21754
published_at 2026-04-08T12:55:00Z
5
value 0.00071
scoring_system epss
scoring_elements 0.21811
published_at 2026-04-09T12:55:00Z
6
value 0.00071
scoring_system epss
scoring_elements 0.21822
published_at 2026-04-11T12:55:00Z
7
value 0.00071
scoring_system epss
scoring_elements 0.21782
published_at 2026-04-12T12:55:00Z
8
value 0.00071
scoring_system epss
scoring_elements 0.21725
published_at 2026-04-16T12:55:00Z
9
value 0.00071
scoring_system epss
scoring_elements 0.21732
published_at 2026-04-18T12:55:00Z
10
value 0.00071
scoring_system epss
scoring_elements 0.21698
published_at 2026-04-21T12:55:00Z
11
value 0.00071
scoring_system epss
scoring_elements 0.21551
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22184
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22184
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5w9b-xtnz-dygc
48
url VCID-62y5-e7f4-7kbz
vulnerability_id VCID-62y5-e7f4-7kbz
summary Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1413
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43257
published_at 2026-04-24T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43275
published_at 2026-04-01T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43332
published_at 2026-04-02T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.4336
published_at 2026-04-04T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43299
published_at 2026-04-07T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.43351
published_at 2026-04-08T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.43365
published_at 2026-04-09T12:55:00Z
7
value 0.00209
scoring_system epss
scoring_elements 0.43386
published_at 2026-04-11T12:55:00Z
8
value 0.00209
scoring_system epss
scoring_elements 0.43355
published_at 2026-04-12T12:55:00Z
9
value 0.00209
scoring_system epss
scoring_elements 0.43339
published_at 2026-04-13T12:55:00Z
10
value 0.00209
scoring_system epss
scoring_elements 0.43399
published_at 2026-04-16T12:55:00Z
11
value 0.00209
scoring_system epss
scoring_elements 0.43388
published_at 2026-04-18T12:55:00Z
12
value 0.00209
scoring_system epss
scoring_elements 0.43323
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1413
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1413
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62y5-e7f4-7kbz
49
url VCID-63cc-p6xr-qqcc
vulnerability_id VCID-63cc-p6xr-qqcc
summary A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary JavaScript code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39878
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.39972
published_at 2026-04-24T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40091
published_at 2026-04-01T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40241
published_at 2026-04-08T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40266
published_at 2026-04-04T12:55:00Z
4
value 0.00185
scoring_system epss
scoring_elements 0.40188
published_at 2026-04-07T12:55:00Z
5
value 0.00185
scoring_system epss
scoring_elements 0.40251
published_at 2026-04-09T12:55:00Z
6
value 0.00185
scoring_system epss
scoring_elements 0.40263
published_at 2026-04-11T12:55:00Z
7
value 0.00185
scoring_system epss
scoring_elements 0.40225
published_at 2026-04-12T12:55:00Z
8
value 0.00185
scoring_system epss
scoring_elements 0.40205
published_at 2026-04-13T12:55:00Z
9
value 0.00185
scoring_system epss
scoring_elements 0.40253
published_at 2026-04-16T12:55:00Z
10
value 0.00185
scoring_system epss
scoring_elements 0.40223
published_at 2026-04-18T12:55:00Z
11
value 0.00185
scoring_system epss
scoring_elements 0.40146
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39878
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39878
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63cc-p6xr-qqcc
50
url VCID-64wb-wrxa-afb2
vulnerability_id VCID-64wb-wrxa-afb2
summary Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22225
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33081
published_at 2026-04-24T12:55:00Z
1
value 0.00135
scoring_system epss
scoring_elements 0.33232
published_at 2026-04-07T12:55:00Z
2
value 0.00135
scoring_system epss
scoring_elements 0.33366
published_at 2026-04-02T12:55:00Z
3
value 0.00135
scoring_system epss
scoring_elements 0.33398
published_at 2026-04-04T12:55:00Z
4
value 0.00135
scoring_system epss
scoring_elements 0.33276
published_at 2026-04-08T12:55:00Z
5
value 0.00135
scoring_system epss
scoring_elements 0.3331
published_at 2026-04-09T12:55:00Z
6
value 0.00135
scoring_system epss
scoring_elements 0.33314
published_at 2026-04-11T12:55:00Z
7
value 0.00135
scoring_system epss
scoring_elements 0.33273
published_at 2026-04-12T12:55:00Z
8
value 0.00135
scoring_system epss
scoring_elements 0.33249
published_at 2026-04-13T12:55:00Z
9
value 0.00135
scoring_system epss
scoring_elements 0.33288
published_at 2026-04-16T12:55:00Z
10
value 0.00135
scoring_system epss
scoring_elements 0.33265
published_at 2026-04-18T12:55:00Z
11
value 0.00135
scoring_system epss
scoring_elements 0.33229
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22225
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22225
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64wb-wrxa-afb2
51
url VCID-67en-ypnv-skgz
vulnerability_id VCID-67en-ypnv-skgz
summary An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0523
reference_id
reference_type
scores
0
value 0.18491
scoring_system epss
scoring_elements 0.95257
published_at 2026-04-24T12:55:00Z
1
value 0.18491
scoring_system epss
scoring_elements 0.95223
published_at 2026-04-07T12:55:00Z
2
value 0.18491
scoring_system epss
scoring_elements 0.9523
published_at 2026-04-08T12:55:00Z
3
value 0.18491
scoring_system epss
scoring_elements 0.95234
published_at 2026-04-09T12:55:00Z
4
value 0.18491
scoring_system epss
scoring_elements 0.9524
published_at 2026-04-12T12:55:00Z
5
value 0.18491
scoring_system epss
scoring_elements 0.95243
published_at 2026-04-13T12:55:00Z
6
value 0.18491
scoring_system epss
scoring_elements 0.95251
published_at 2026-04-16T12:55:00Z
7
value 0.18491
scoring_system epss
scoring_elements 0.95254
published_at 2026-04-18T12:55:00Z
8
value 0.19609
scoring_system epss
scoring_elements 0.95388
published_at 2026-04-02T12:55:00Z
9
value 0.19609
scoring_system epss
scoring_elements 0.95395
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0523
1
reference_url https://hackerone.com/reports/1842867
reference_id 1842867
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:09:27Z/
url https://hackerone.com/reports/1842867
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/389487
reference_id 389487
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:09:27Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/389487
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0523.json
reference_id CVE-2023-0523.json
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:09:27Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0523.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0523
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67en-ypnv-skgz
52
url VCID-67ve-bq9s-vqes
vulnerability_id VCID-67ve-bq9s-vqes
summary Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1157
reference_id
reference_type
scores
0
value 0.00214
scoring_system epss
scoring_elements 0.43869
published_at 2026-04-01T12:55:00Z
1
value 0.00214
scoring_system epss
scoring_elements 0.43913
published_at 2026-04-02T12:55:00Z
2
value 0.00214
scoring_system epss
scoring_elements 0.43936
published_at 2026-04-04T12:55:00Z
3
value 0.00214
scoring_system epss
scoring_elements 0.43866
published_at 2026-04-07T12:55:00Z
4
value 0.00214
scoring_system epss
scoring_elements 0.43916
published_at 2026-04-08T12:55:00Z
5
value 0.00214
scoring_system epss
scoring_elements 0.43918
published_at 2026-04-09T12:55:00Z
6
value 0.00214
scoring_system epss
scoring_elements 0.43937
published_at 2026-04-11T12:55:00Z
7
value 0.00214
scoring_system epss
scoring_elements 0.43904
published_at 2026-04-12T12:55:00Z
8
value 0.00214
scoring_system epss
scoring_elements 0.43888
published_at 2026-04-13T12:55:00Z
9
value 0.00214
scoring_system epss
scoring_elements 0.4395
published_at 2026-04-16T12:55:00Z
10
value 0.00214
scoring_system epss
scoring_elements 0.43941
published_at 2026-04-18T12:55:00Z
11
value 0.00214
scoring_system epss
scoring_elements 0.43873
published_at 2026-04-21T12:55:00Z
12
value 0.00214
scoring_system epss
scoring_elements 0.43825
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1157
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1157
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67ve-bq9s-vqes
53
url VCID-6d62-e1zf-wfcx
vulnerability_id VCID-6d62-e1zf-wfcx
summary A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0249
reference_id
reference_type
scores
0
value 0.00233
scoring_system epss
scoring_elements 0.461
published_at 2026-04-01T12:55:00Z
1
value 0.00233
scoring_system epss
scoring_elements 0.4614
published_at 2026-04-02T12:55:00Z
2
value 0.00233
scoring_system epss
scoring_elements 0.4616
published_at 2026-04-04T12:55:00Z
3
value 0.00233
scoring_system epss
scoring_elements 0.46108
published_at 2026-04-07T12:55:00Z
4
value 0.00233
scoring_system epss
scoring_elements 0.46164
published_at 2026-04-08T12:55:00Z
5
value 0.00233
scoring_system epss
scoring_elements 0.46161
published_at 2026-04-09T12:55:00Z
6
value 0.00233
scoring_system epss
scoring_elements 0.46184
published_at 2026-04-11T12:55:00Z
7
value 0.00233
scoring_system epss
scoring_elements 0.46156
published_at 2026-04-12T12:55:00Z
8
value 0.00233
scoring_system epss
scoring_elements 0.46165
published_at 2026-04-13T12:55:00Z
9
value 0.00233
scoring_system epss
scoring_elements 0.46222
published_at 2026-04-16T12:55:00Z
10
value 0.00233
scoring_system epss
scoring_elements 0.46218
published_at 2026-04-18T12:55:00Z
11
value 0.00233
scoring_system epss
scoring_elements 0.46162
published_at 2026-04-21T12:55:00Z
12
value 0.00233
scoring_system epss
scoring_elements 0.46143
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0249
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0249
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6d62-e1zf-wfcx
54
url VCID-6mxv-vb6s-uuga
vulnerability_id VCID-6mxv-vb6s-uuga
summary Improper access control in GitLab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0390
reference_id
reference_type
scores
0
value 0.00263
scoring_system epss
scoring_elements 0.4962
published_at 2026-04-01T12:55:00Z
1
value 0.00263
scoring_system epss
scoring_elements 0.4965
published_at 2026-04-02T12:55:00Z
2
value 0.00263
scoring_system epss
scoring_elements 0.49677
published_at 2026-04-04T12:55:00Z
3
value 0.00263
scoring_system epss
scoring_elements 0.49628
published_at 2026-04-07T12:55:00Z
4
value 0.00263
scoring_system epss
scoring_elements 0.49684
published_at 2026-04-08T12:55:00Z
5
value 0.00263
scoring_system epss
scoring_elements 0.49678
published_at 2026-04-09T12:55:00Z
6
value 0.00263
scoring_system epss
scoring_elements 0.49696
published_at 2026-04-11T12:55:00Z
7
value 0.00263
scoring_system epss
scoring_elements 0.49667
published_at 2026-04-12T12:55:00Z
8
value 0.00263
scoring_system epss
scoring_elements 0.49669
published_at 2026-04-13T12:55:00Z
9
value 0.00263
scoring_system epss
scoring_elements 0.49717
published_at 2026-04-16T12:55:00Z
10
value 0.00263
scoring_system epss
scoring_elements 0.49715
published_at 2026-04-18T12:55:00Z
11
value 0.00263
scoring_system epss
scoring_elements 0.49686
published_at 2026-04-21T12:55:00Z
12
value 0.00263
scoring_system epss
scoring_elements 0.49676
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0390
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0390
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mxv-vb6s-uuga
55
url VCID-6ns1-mx95-5ffe
vulnerability_id VCID-6ns1-mx95-5ffe
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39940
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.4058
published_at 2026-04-24T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.4068
published_at 2026-04-01T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40764
published_at 2026-04-02T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.40791
published_at 2026-04-11T12:55:00Z
4
value 0.00189
scoring_system epss
scoring_elements 0.40715
published_at 2026-04-07T12:55:00Z
5
value 0.00189
scoring_system epss
scoring_elements 0.40765
published_at 2026-04-08T12:55:00Z
6
value 0.00189
scoring_system epss
scoring_elements 0.40772
published_at 2026-04-09T12:55:00Z
7
value 0.00189
scoring_system epss
scoring_elements 0.40757
published_at 2026-04-12T12:55:00Z
8
value 0.00189
scoring_system epss
scoring_elements 0.40738
published_at 2026-04-13T12:55:00Z
9
value 0.00189
scoring_system epss
scoring_elements 0.40783
published_at 2026-04-16T12:55:00Z
10
value 0.00189
scoring_system epss
scoring_elements 0.40753
published_at 2026-04-18T12:55:00Z
11
value 0.00189
scoring_system epss
scoring_elements 0.40675
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39940
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39940
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ns1-mx95-5ffe
56
url VCID-6tyy-j5zg-zkgw
vulnerability_id VCID-6tyy-j5zg-zkgw
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22211
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37239
published_at 2026-04-24T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37411
published_at 2026-04-01T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37577
published_at 2026-04-02T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37601
published_at 2026-04-04T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37478
published_at 2026-04-07T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.37529
published_at 2026-04-08T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37542
published_at 2026-04-16T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.37556
published_at 2026-04-11T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.37521
published_at 2026-04-12T12:55:00Z
9
value 0.00165
scoring_system epss
scoring_elements 0.37495
published_at 2026-04-13T12:55:00Z
10
value 0.00165
scoring_system epss
scoring_elements 0.37523
published_at 2026-04-18T12:55:00Z
11
value 0.00165
scoring_system epss
scoring_elements 0.37459
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22211
1
reference_url https://security.archlinux.org/ASA-202105-4
reference_id ASA-202105-4
reference_type
scores
url https://security.archlinux.org/ASA-202105-4
2
reference_url https://security.archlinux.org/AVG-1888
reference_id AVG-1888
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1888
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22211
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tyy-j5zg-zkgw
57
url VCID-6uvg-uqe6-tud1
vulnerability_id VCID-6uvg-uqe6-tud1
summary A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39907
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48094
published_at 2026-04-24T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-01T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48082
published_at 2026-04-02T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48103
published_at 2026-04-04T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48053
published_at 2026-04-07T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48106
published_at 2026-04-08T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.48101
published_at 2026-04-09T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48124
published_at 2026-04-11T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48099
published_at 2026-04-12T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48111
published_at 2026-04-13T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48163
published_at 2026-04-16T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.48158
published_at 2026-04-18T12:55:00Z
12
value 0.00248
scoring_system epss
scoring_elements 0.48113
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39907
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39907
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6uvg-uqe6-tud1
58
url VCID-6y4r-d3eu-hqcp
vulnerability_id VCID-6y4r-d3eu-hqcp
summary In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39869
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48037
published_at 2026-04-24T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.47985
published_at 2026-04-01T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48023
published_at 2026-04-02T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-04T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.47994
published_at 2026-04-07T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48047
published_at 2026-04-08T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.4804
published_at 2026-04-09T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48065
published_at 2026-04-11T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48041
published_at 2026-04-12T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48053
published_at 2026-04-13T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48105
published_at 2026-04-16T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.481
published_at 2026-04-18T12:55:00Z
12
value 0.00248
scoring_system epss
scoring_elements 0.48056
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39869
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39869
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6y4r-d3eu-hqcp
59
url VCID-6yhw-9sqw-zuge
vulnerability_id VCID-6yhw-9sqw-zuge
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22209
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40248
published_at 2026-04-24T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40353
published_at 2026-04-01T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.4044
published_at 2026-04-02T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40466
published_at 2026-04-04T12:55:00Z
4
value 0.00186
scoring_system epss
scoring_elements 0.40389
published_at 2026-04-07T12:55:00Z
5
value 0.00186
scoring_system epss
scoring_elements 0.40441
published_at 2026-04-08T12:55:00Z
6
value 0.00186
scoring_system epss
scoring_elements 0.40452
published_at 2026-04-09T12:55:00Z
7
value 0.00186
scoring_system epss
scoring_elements 0.40473
published_at 2026-04-11T12:55:00Z
8
value 0.00186
scoring_system epss
scoring_elements 0.40435
published_at 2026-04-12T12:55:00Z
9
value 0.00186
scoring_system epss
scoring_elements 0.40416
published_at 2026-04-13T12:55:00Z
10
value 0.00186
scoring_system epss
scoring_elements 0.40464
published_at 2026-04-16T12:55:00Z
11
value 0.00186
scoring_system epss
scoring_elements 0.40432
published_at 2026-04-18T12:55:00Z
12
value 0.00186
scoring_system epss
scoring_elements 0.40357
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22209
1
reference_url https://security.archlinux.org/ASA-202105-4
reference_id ASA-202105-4
reference_type
scores
url https://security.archlinux.org/ASA-202105-4
2
reference_url https://security.archlinux.org/AVG-1888
reference_id AVG-1888
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1888
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22209
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yhw-9sqw-zuge
60
url VCID-71j9-ra1c-6uhm
vulnerability_id VCID-71j9-ra1c-6uhm
summary Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39934
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48093
published_at 2026-04-24T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-01T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48081
published_at 2026-04-02T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48102
published_at 2026-04-04T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48052
published_at 2026-04-07T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48105
published_at 2026-04-08T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.481
published_at 2026-04-09T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48123
published_at 2026-04-11T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48099
published_at 2026-04-12T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.4811
published_at 2026-04-13T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48163
published_at 2026-04-16T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.48158
published_at 2026-04-18T12:55:00Z
12
value 0.00248
scoring_system epss
scoring_elements 0.48112
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39934
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39934
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71j9-ra1c-6uhm
61
url VCID-748c-dwt8-quhs
vulnerability_id VCID-748c-dwt8-quhs
summary An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2243
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.40114
published_at 2026-04-02T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.4014
published_at 2026-04-04T12:55:00Z
2
value 0.00183
scoring_system epss
scoring_elements 0.40061
published_at 2026-04-07T12:55:00Z
3
value 0.00183
scoring_system epss
scoring_elements 0.40113
published_at 2026-04-08T12:55:00Z
4
value 0.00183
scoring_system epss
scoring_elements 0.40127
published_at 2026-04-09T12:55:00Z
5
value 0.00183
scoring_system epss
scoring_elements 0.40136
published_at 2026-04-11T12:55:00Z
6
value 0.00183
scoring_system epss
scoring_elements 0.40099
published_at 2026-04-12T12:55:00Z
7
value 0.00183
scoring_system epss
scoring_elements 0.4008
published_at 2026-04-13T12:55:00Z
8
value 0.00183
scoring_system epss
scoring_elements 0.4013
published_at 2026-04-16T12:55:00Z
9
value 0.00183
scoring_system epss
scoring_elements 0.40101
published_at 2026-04-18T12:55:00Z
10
value 0.00183
scoring_system epss
scoring_elements 0.40023
published_at 2026-04-21T12:55:00Z
11
value 0.00183
scoring_system epss
scoring_elements 0.39851
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2243
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2243
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-748c-dwt8-quhs
62
url VCID-74tz-v2r7-4kfr
vulnerability_id VCID-74tz-v2r7-4kfr
summary Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3767
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.43967
published_at 2026-04-24T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.44091
published_at 2026-04-16T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44082
published_at 2026-04-18T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44016
published_at 2026-04-21T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.44055
published_at 2026-04-02T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.44078
published_at 2026-04-11T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.44009
published_at 2026-04-07T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.4406
published_at 2026-04-08T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.44062
published_at 2026-04-09T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.44045
published_at 2026-04-12T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44029
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3767
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/377473
reference_id 377473
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:27:43Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/377473
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json
reference_id CVE-2022-3767.json
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:27:43Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3767
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74tz-v2r7-4kfr
63
url VCID-778s-qxnk-uuda
vulnerability_id VCID-778s-qxnk-uuda
summary Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22256
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45239
published_at 2026-04-24T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.4532
published_at 2026-04-02T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45342
published_at 2026-04-04T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45285
published_at 2026-04-07T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.4534
published_at 2026-04-09T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.45362
published_at 2026-04-11T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.4533
published_at 2026-04-12T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.45332
published_at 2026-04-13T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45383
published_at 2026-04-16T12:55:00Z
9
value 0.00226
scoring_system epss
scoring_elements 0.45379
published_at 2026-04-18T12:55:00Z
10
value 0.00226
scoring_system epss
scoring_elements 0.45329
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22256
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22256
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-778s-qxnk-uuda
64
url VCID-7fnb-yfbq-bfeh
vulnerability_id VCID-7fnb-yfbq-bfeh
summary A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22168
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38122
published_at 2026-04-24T12:55:00Z
1
value 0.00171
scoring_system epss
scoring_elements 0.3828
published_at 2026-04-01T12:55:00Z
2
value 0.00171
scoring_system epss
scoring_elements 0.38418
published_at 2026-04-02T12:55:00Z
3
value 0.00171
scoring_system epss
scoring_elements 0.38442
published_at 2026-04-04T12:55:00Z
4
value 0.00171
scoring_system epss
scoring_elements 0.38306
published_at 2026-04-07T12:55:00Z
5
value 0.00171
scoring_system epss
scoring_elements 0.38356
published_at 2026-04-08T12:55:00Z
6
value 0.00171
scoring_system epss
scoring_elements 0.38364
published_at 2026-04-09T12:55:00Z
7
value 0.00171
scoring_system epss
scoring_elements 0.38381
published_at 2026-04-11T12:55:00Z
8
value 0.00171
scoring_system epss
scoring_elements 0.38343
published_at 2026-04-12T12:55:00Z
9
value 0.00171
scoring_system epss
scoring_elements 0.38318
published_at 2026-04-13T12:55:00Z
10
value 0.00171
scoring_system epss
scoring_elements 0.38366
published_at 2026-04-16T12:55:00Z
11
value 0.00171
scoring_system epss
scoring_elements 0.38346
published_at 2026-04-18T12:55:00Z
12
value 0.00171
scoring_system epss
scoring_elements 0.38281
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22168
1
reference_url https://security.archlinux.org/ASA-202101-10
reference_id ASA-202101-10
reference_type
scores
url https://security.archlinux.org/ASA-202101-10
2
reference_url https://security.archlinux.org/AVG-1416
reference_id AVG-1416
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1416
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22168
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7fnb-yfbq-bfeh
65
url VCID-7h1s-s2pa-zbc6
vulnerability_id VCID-7h1s-s2pa-zbc6
summary A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2455
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.4903
published_at 2026-04-12T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49032
published_at 2026-04-24T12:55:00Z
2
value 0.00257
scoring_system epss
scoring_elements 0.49047
published_at 2026-04-21T12:55:00Z
3
value 0.00257
scoring_system epss
scoring_elements 0.49078
published_at 2026-04-18T12:55:00Z
4
value 0.00257
scoring_system epss
scoring_elements 0.49081
published_at 2026-04-16T12:55:00Z
5
value 0.00257
scoring_system epss
scoring_elements 0.49036
published_at 2026-04-13T12:55:00Z
6
value 0.00269
scoring_system epss
scoring_elements 0.50382
published_at 2026-04-07T12:55:00Z
7
value 0.00269
scoring_system epss
scoring_elements 0.50429
published_at 2026-04-09T12:55:00Z
8
value 0.00269
scoring_system epss
scoring_elements 0.504
published_at 2026-04-02T12:55:00Z
9
value 0.00269
scoring_system epss
scoring_elements 0.50435
published_at 2026-04-08T12:55:00Z
10
value 0.00269
scoring_system epss
scoring_elements 0.5047
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2455
1
reference_url https://hackerone.com/reports/1542230
reference_id 1542230
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:41:15Z/
url https://hackerone.com/reports/1542230
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/359964
reference_id 359964
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:41:15Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/359964
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2455.json
reference_id CVE-2022-2455.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:41:15Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2455.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2455
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7h1s-s2pa-zbc6
66
url VCID-7m1c-tbzh-fueb
vulnerability_id VCID-7m1c-tbzh-fueb
summary In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39881
reference_id
reference_type
scores
0
value 0.00252
scoring_system epss
scoring_elements 0.48582
published_at 2026-04-21T12:55:00Z
1
value 0.00252
scoring_system epss
scoring_elements 0.48511
published_at 2026-04-01T12:55:00Z
2
value 0.00252
scoring_system epss
scoring_elements 0.48546
published_at 2026-04-02T12:55:00Z
3
value 0.00252
scoring_system epss
scoring_elements 0.48569
published_at 2026-04-04T12:55:00Z
4
value 0.00252
scoring_system epss
scoring_elements 0.48521
published_at 2026-04-07T12:55:00Z
5
value 0.00252
scoring_system epss
scoring_elements 0.48575
published_at 2026-04-08T12:55:00Z
6
value 0.00252
scoring_system epss
scoring_elements 0.48571
published_at 2026-04-09T12:55:00Z
7
value 0.00252
scoring_system epss
scoring_elements 0.48593
published_at 2026-04-11T12:55:00Z
8
value 0.00252
scoring_system epss
scoring_elements 0.48566
published_at 2026-04-24T12:55:00Z
9
value 0.00252
scoring_system epss
scoring_elements 0.48578
published_at 2026-04-13T12:55:00Z
10
value 0.00252
scoring_system epss
scoring_elements 0.48629
published_at 2026-04-16T12:55:00Z
11
value 0.00252
scoring_system epss
scoring_elements 0.48624
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39881
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39881
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m1c-tbzh-fueb
67
url VCID-7ndg-d3fs-67a3
vulnerability_id VCID-7ndg-d3fs-67a3
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3514
reference_id
reference_type
scores
0
value 0.00338
scoring_system epss
scoring_elements 0.56529
published_at 2026-04-24T12:55:00Z
1
value 0.00338
scoring_system epss
scoring_elements 0.56613
published_at 2026-04-12T12:55:00Z
2
value 0.00338
scoring_system epss
scoring_elements 0.56592
published_at 2026-04-13T12:55:00Z
3
value 0.00338
scoring_system epss
scoring_elements 0.56623
published_at 2026-04-16T12:55:00Z
4
value 0.00338
scoring_system epss
scoring_elements 0.56622
published_at 2026-04-18T12:55:00Z
5
value 0.00338
scoring_system epss
scoring_elements 0.56594
published_at 2026-04-21T12:55:00Z
6
value 0.00338
scoring_system epss
scoring_elements 0.56574
published_at 2026-04-02T12:55:00Z
7
value 0.00338
scoring_system epss
scoring_elements 0.56595
published_at 2026-04-04T12:55:00Z
8
value 0.00338
scoring_system epss
scoring_elements 0.56573
published_at 2026-04-07T12:55:00Z
9
value 0.00338
scoring_system epss
scoring_elements 0.56624
published_at 2026-04-08T12:55:00Z
10
value 0.00338
scoring_system epss
scoring_elements 0.56629
published_at 2026-04-09T12:55:00Z
11
value 0.00338
scoring_system epss
scoring_elements 0.56638
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3514
1
reference_url https://hackerone.com/reports/1727201
reference_id 1727201
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:55:35Z/
url https://hackerone.com/reports/1727201
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/377978
reference_id 377978
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:55:35Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/377978
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3514.json
reference_id CVE-2022-3514.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:55:35Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3514.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3514
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ndg-d3fs-67a3
68
url VCID-7rsn-cjes-gbe3
vulnerability_id VCID-7rsn-cjes-gbe3
summary An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4376
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32559
published_at 2026-04-24T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32787
published_at 2026-04-11T12:55:00Z
2
value 0.00132
scoring_system epss
scoring_elements 0.32749
published_at 2026-04-12T12:55:00Z
3
value 0.00132
scoring_system epss
scoring_elements 0.32723
published_at 2026-04-13T12:55:00Z
4
value 0.00132
scoring_system epss
scoring_elements 0.32763
published_at 2026-04-16T12:55:00Z
5
value 0.00132
scoring_system epss
scoring_elements 0.32739
published_at 2026-04-18T12:55:00Z
6
value 0.00132
scoring_system epss
scoring_elements 0.32854
published_at 2026-04-02T12:55:00Z
7
value 0.00132
scoring_system epss
scoring_elements 0.32889
published_at 2026-04-04T12:55:00Z
8
value 0.00132
scoring_system epss
scoring_elements 0.3271
published_at 2026-04-21T12:55:00Z
9
value 0.00132
scoring_system epss
scoring_elements 0.32758
published_at 2026-04-08T12:55:00Z
10
value 0.00132
scoring_system epss
scoring_elements 0.32785
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4376
1
reference_url https://hackerone.com/reports/1794713
reference_id 1794713
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:38:12Z/
url https://hackerone.com/reports/1794713
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/385246
reference_id 385246
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:38:12Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/385246
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4376.json
reference_id CVE-2022-4376.json
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:38:12Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4376.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4376
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rsn-cjes-gbe3
69
url VCID-8129-3vg2-a7ba
vulnerability_id VCID-8129-3vg2-a7ba
summary An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2826
reference_id
reference_type
scores
0
value 0.00505
scoring_system epss
scoring_elements 0.66175
published_at 2026-04-02T12:55:00Z
1
value 0.00505
scoring_system epss
scoring_elements 0.66232
published_at 2026-04-09T12:55:00Z
2
value 0.00505
scoring_system epss
scoring_elements 0.66252
published_at 2026-04-11T12:55:00Z
3
value 0.00505
scoring_system epss
scoring_elements 0.6624
published_at 2026-04-12T12:55:00Z
4
value 0.00505
scoring_system epss
scoring_elements 0.66209
published_at 2026-04-13T12:55:00Z
5
value 0.00505
scoring_system epss
scoring_elements 0.66245
published_at 2026-04-16T12:55:00Z
6
value 0.00505
scoring_system epss
scoring_elements 0.66259
published_at 2026-04-18T12:55:00Z
7
value 0.00505
scoring_system epss
scoring_elements 0.66243
published_at 2026-04-21T12:55:00Z
8
value 0.00505
scoring_system epss
scoring_elements 0.66202
published_at 2026-04-04T12:55:00Z
9
value 0.00505
scoring_system epss
scoring_elements 0.66171
published_at 2026-04-07T12:55:00Z
10
value 0.00505
scoring_system epss
scoring_elements 0.66219
published_at 2026-04-08T12:55:00Z
11
value 0.00533
scoring_system epss
scoring_elements 0.67408
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2826
1
reference_url https://hackerone.com/reports/1646633
reference_id 1646633
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:23:50Z/
url https://hackerone.com/reports/1646633
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/370790
reference_id 370790
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:23:50Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/370790
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2826.json
reference_id CVE-2022-2826.json
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:23:50Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2826.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2826
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8129-3vg2-a7ba
70
url VCID-81kf-hxfb-n3fb
vulnerability_id VCID-81kf-hxfb-n3fb
summary In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39867
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34517
published_at 2026-04-24T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.3464
published_at 2026-04-01T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.34856
published_at 2026-04-02T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34883
published_at 2026-04-04T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.3476
published_at 2026-04-07T12:55:00Z
5
value 0.00145
scoring_system epss
scoring_elements 0.34804
published_at 2026-04-08T12:55:00Z
6
value 0.00145
scoring_system epss
scoring_elements 0.34833
published_at 2026-04-09T12:55:00Z
7
value 0.00145
scoring_system epss
scoring_elements 0.34839
published_at 2026-04-11T12:55:00Z
8
value 0.00145
scoring_system epss
scoring_elements 0.348
published_at 2026-04-12T12:55:00Z
9
value 0.00145
scoring_system epss
scoring_elements 0.34776
published_at 2026-04-13T12:55:00Z
10
value 0.00145
scoring_system epss
scoring_elements 0.34811
published_at 2026-04-16T12:55:00Z
11
value 0.00145
scoring_system epss
scoring_elements 0.34795
published_at 2026-04-18T12:55:00Z
12
value 0.00145
scoring_system epss
scoring_elements 0.34755
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39867
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39867
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81kf-hxfb-n3fb
71
url VCID-84ef-nwwp-dbee
vulnerability_id VCID-84ef-nwwp-dbee
summary A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3265
reference_id
reference_type
scores
0
value 0.17702
scoring_system epss
scoring_elements 0.95126
published_at 2026-04-24T12:55:00Z
1
value 0.17702
scoring_system epss
scoring_elements 0.95111
published_at 2026-04-12T12:55:00Z
2
value 0.17702
scoring_system epss
scoring_elements 0.95114
published_at 2026-04-13T12:55:00Z
3
value 0.17702
scoring_system epss
scoring_elements 0.95121
published_at 2026-04-16T12:55:00Z
4
value 0.17702
scoring_system epss
scoring_elements 0.95124
published_at 2026-04-18T12:55:00Z
5
value 0.17702
scoring_system epss
scoring_elements 0.95127
published_at 2026-04-21T12:55:00Z
6
value 0.17702
scoring_system epss
scoring_elements 0.9509
published_at 2026-04-02T12:55:00Z
7
value 0.17702
scoring_system epss
scoring_elements 0.95091
published_at 2026-04-04T12:55:00Z
8
value 0.17702
scoring_system epss
scoring_elements 0.95093
published_at 2026-04-07T12:55:00Z
9
value 0.17702
scoring_system epss
scoring_elements 0.951
published_at 2026-04-08T12:55:00Z
10
value 0.17702
scoring_system epss
scoring_elements 0.95103
published_at 2026-04-09T12:55:00Z
11
value 0.17702
scoring_system epss
scoring_elements 0.95109
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3265
1
reference_url https://hackerone.com/reports/1693150
reference_id 1693150
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:51Z/
url https://hackerone.com/reports/1693150
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/374976
reference_id 374976
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:51Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/374976
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3265.json
reference_id CVE-2022-3265.json
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:51Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3265.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3265
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84ef-nwwp-dbee
72
url VCID-88wg-nv8x-67b9
vulnerability_id VCID-88wg-nv8x-67b9
summary In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39876
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.46521
published_at 2026-04-01T12:55:00Z
1
value 0.00236
scoring_system epss
scoring_elements 0.4656
published_at 2026-04-02T12:55:00Z
2
value 0.00236
scoring_system epss
scoring_elements 0.46579
published_at 2026-04-04T12:55:00Z
3
value 0.00236
scoring_system epss
scoring_elements 0.46527
published_at 2026-04-07T12:55:00Z
4
value 0.00236
scoring_system epss
scoring_elements 0.46582
published_at 2026-04-09T12:55:00Z
5
value 0.00236
scoring_system epss
scoring_elements 0.46605
published_at 2026-04-11T12:55:00Z
6
value 0.00236
scoring_system epss
scoring_elements 0.46577
published_at 2026-04-12T12:55:00Z
7
value 0.00236
scoring_system epss
scoring_elements 0.46586
published_at 2026-04-13T12:55:00Z
8
value 0.00236
scoring_system epss
scoring_elements 0.46642
published_at 2026-04-16T12:55:00Z
9
value 0.00236
scoring_system epss
scoring_elements 0.4664
published_at 2026-04-18T12:55:00Z
10
value 0.00236
scoring_system epss
scoring_elements 0.46587
published_at 2026-04-21T12:55:00Z
11
value 0.00236
scoring_system epss
scoring_elements 0.46569
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39876
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39876
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-88wg-nv8x-67b9
73
url VCID-8ahg-hgub-43b5
vulnerability_id VCID-8ahg-hgub-43b5
summary A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22217
reference_id
reference_type
scores
0
value 0.0068
scoring_system epss
scoring_elements 0.71649
published_at 2026-04-24T12:55:00Z
1
value 0.0068
scoring_system epss
scoring_elements 0.71532
published_at 2026-04-01T12:55:00Z
2
value 0.0068
scoring_system epss
scoring_elements 0.71539
published_at 2026-04-02T12:55:00Z
3
value 0.0068
scoring_system epss
scoring_elements 0.71557
published_at 2026-04-04T12:55:00Z
4
value 0.0068
scoring_system epss
scoring_elements 0.7153
published_at 2026-04-07T12:55:00Z
5
value 0.0068
scoring_system epss
scoring_elements 0.7157
published_at 2026-04-08T12:55:00Z
6
value 0.0068
scoring_system epss
scoring_elements 0.71581
published_at 2026-04-09T12:55:00Z
7
value 0.0068
scoring_system epss
scoring_elements 0.71603
published_at 2026-04-11T12:55:00Z
8
value 0.0068
scoring_system epss
scoring_elements 0.71588
published_at 2026-04-12T12:55:00Z
9
value 0.0068
scoring_system epss
scoring_elements 0.71569
published_at 2026-04-13T12:55:00Z
10
value 0.0068
scoring_system epss
scoring_elements 0.71614
published_at 2026-04-16T12:55:00Z
11
value 0.0068
scoring_system epss
scoring_elements 0.71619
published_at 2026-04-18T12:55:00Z
12
value 0.0068
scoring_system epss
scoring_elements 0.71599
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22217
1
reference_url https://security.archlinux.org/ASA-202106-21
reference_id ASA-202106-21
reference_type
scores
url https://security.archlinux.org/ASA-202106-21
2
reference_url https://security.archlinux.org/AVG-2023
reference_id AVG-2023
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2023
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22217
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ahg-hgub-43b5
74
url VCID-8bfc-6wzz-f3cw
vulnerability_id VCID-8bfc-6wzz-f3cw
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2882
reference_id
reference_type
scores
0
value 0.01044
scoring_system epss
scoring_elements 0.77534
published_at 2026-04-24T12:55:00Z
1
value 0.01277
scoring_system epss
scoring_elements 0.79545
published_at 2026-04-08T12:55:00Z
2
value 0.01277
scoring_system epss
scoring_elements 0.79575
published_at 2026-04-11T12:55:00Z
3
value 0.01277
scoring_system epss
scoring_elements 0.79558
published_at 2026-04-12T12:55:00Z
4
value 0.01277
scoring_system epss
scoring_elements 0.7955
published_at 2026-04-13T12:55:00Z
5
value 0.01277
scoring_system epss
scoring_elements 0.7958
published_at 2026-04-16T12:55:00Z
6
value 0.01277
scoring_system epss
scoring_elements 0.79578
published_at 2026-04-18T12:55:00Z
7
value 0.01277
scoring_system epss
scoring_elements 0.79583
published_at 2026-04-21T12:55:00Z
8
value 0.01277
scoring_system epss
scoring_elements 0.79531
published_at 2026-04-04T12:55:00Z
9
value 0.01277
scoring_system epss
scoring_elements 0.79517
published_at 2026-04-07T12:55:00Z
10
value 0.01277
scoring_system epss
scoring_elements 0.79508
published_at 2026-04-02T12:55:00Z
11
value 0.01277
scoring_system epss
scoring_elements 0.79553
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2882
1
reference_url https://hackerone.com/reports/1656722
reference_id 1656722
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:08:33Z/
url https://hackerone.com/reports/1656722
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/371082
reference_id 371082
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:08:33Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/371082
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json
reference_id CVE-2022-2882.json
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:08:33Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2882
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bfc-6wzz-f3cw
75
url VCID-8cdk-uue7-jyfa
vulnerability_id VCID-8cdk-uue7-jyfa
summary An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1787
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53623
published_at 2026-04-04T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.53595
published_at 2026-04-02T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.66472
published_at 2026-04-24T12:55:00Z
3
value 0.0051
scoring_system epss
scoring_elements 0.66411
published_at 2026-04-13T12:55:00Z
4
value 0.0051
scoring_system epss
scoring_elements 0.66447
published_at 2026-04-16T12:55:00Z
5
value 0.0051
scoring_system epss
scoring_elements 0.66464
published_at 2026-04-18T12:55:00Z
6
value 0.0051
scoring_system epss
scoring_elements 0.66449
published_at 2026-04-21T12:55:00Z
7
value 0.0051
scoring_system epss
scoring_elements 0.66371
published_at 2026-04-07T12:55:00Z
8
value 0.0051
scoring_system epss
scoring_elements 0.6642
published_at 2026-04-08T12:55:00Z
9
value 0.0051
scoring_system epss
scoring_elements 0.66434
published_at 2026-04-09T12:55:00Z
10
value 0.0051
scoring_system epss
scoring_elements 0.66453
published_at 2026-04-11T12:55:00Z
11
value 0.0051
scoring_system epss
scoring_elements 0.66441
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1787
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/394817
reference_id 394817
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:42:14Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/394817
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1787.json
reference_id CVE-2023-1787.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:42:14Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1787.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1787
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8cdk-uue7-jyfa
76
url VCID-8hjj-ta47-mqe6
vulnerability_id VCID-8hjj-ta47-mqe6
summary Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39927
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34474
published_at 2026-04-01T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.34693
published_at 2026-04-02T12:55:00Z
2
value 0.00143
scoring_system epss
scoring_elements 0.3472
published_at 2026-04-04T12:55:00Z
3
value 0.00143
scoring_system epss
scoring_elements 0.34596
published_at 2026-04-07T12:55:00Z
4
value 0.00143
scoring_system epss
scoring_elements 0.3464
published_at 2026-04-08T12:55:00Z
5
value 0.00143
scoring_system epss
scoring_elements 0.34669
published_at 2026-04-09T12:55:00Z
6
value 0.00143
scoring_system epss
scoring_elements 0.34672
published_at 2026-04-11T12:55:00Z
7
value 0.00143
scoring_system epss
scoring_elements 0.34632
published_at 2026-04-12T12:55:00Z
8
value 0.00143
scoring_system epss
scoring_elements 0.34608
published_at 2026-04-13T12:55:00Z
9
value 0.00143
scoring_system epss
scoring_elements 0.34647
published_at 2026-04-16T12:55:00Z
10
value 0.00143
scoring_system epss
scoring_elements 0.34633
published_at 2026-04-18T12:55:00Z
11
value 0.00143
scoring_system epss
scoring_elements 0.34594
published_at 2026-04-21T12:55:00Z
12
value 0.00143
scoring_system epss
scoring_elements 0.34357
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39927
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39927
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8hjj-ta47-mqe6
77
url VCID-8jau-mjwe-83dz
vulnerability_id VCID-8jau-mjwe-83dz
summary A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potentially leading to Denial of Service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2592
reference_id
reference_type
scores
0
value 0.0039
scoring_system epss
scoring_elements 0.60092
published_at 2026-04-12T12:55:00Z
1
value 0.0039
scoring_system epss
scoring_elements 0.60076
published_at 2026-04-24T12:55:00Z
2
value 0.0039
scoring_system epss
scoring_elements 0.60107
published_at 2026-04-21T12:55:00Z
3
value 0.0039
scoring_system epss
scoring_elements 0.6012
published_at 2026-04-18T12:55:00Z
4
value 0.0039
scoring_system epss
scoring_elements 0.60113
published_at 2026-04-16T12:55:00Z
5
value 0.0039
scoring_system epss
scoring_elements 0.60075
published_at 2026-04-13T12:55:00Z
6
value 0.0041
scoring_system epss
scoring_elements 0.61326
published_at 2026-04-08T12:55:00Z
7
value 0.0041
scoring_system epss
scoring_elements 0.6131
published_at 2026-04-04T12:55:00Z
8
value 0.0041
scoring_system epss
scoring_elements 0.61279
published_at 2026-04-07T12:55:00Z
9
value 0.0041
scoring_system epss
scoring_elements 0.61282
published_at 2026-04-02T12:55:00Z
10
value 0.0041
scoring_system epss
scoring_elements 0.61341
published_at 2026-04-09T12:55:00Z
11
value 0.0041
scoring_system epss
scoring_elements 0.61362
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2592
1
reference_url https://hackerone.com/reports/1544507
reference_id 1544507
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:16:23Z/
url https://hackerone.com/reports/1544507
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/362566
reference_id 362566
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:16:23Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/362566
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json
reference_id CVE-2022-2592.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:16:23Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2592
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jau-mjwe-83dz
78
url VCID-8kts-dur1-jfc6
vulnerability_id VCID-8kts-dur1-jfc6
summary A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3288
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.35997
published_at 2026-04-24T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.36278
published_at 2026-04-12T12:55:00Z
2
value 0.00155
scoring_system epss
scoring_elements 0.36254
published_at 2026-04-13T12:55:00Z
3
value 0.00155
scoring_system epss
scoring_elements 0.36298
published_at 2026-04-16T12:55:00Z
4
value 0.00155
scoring_system epss
scoring_elements 0.36282
published_at 2026-04-18T12:55:00Z
5
value 0.00155
scoring_system epss
scoring_elements 0.3623
published_at 2026-04-21T12:55:00Z
6
value 0.00155
scoring_system epss
scoring_elements 0.3637
published_at 2026-04-02T12:55:00Z
7
value 0.00155
scoring_system epss
scoring_elements 0.36403
published_at 2026-04-04T12:55:00Z
8
value 0.00155
scoring_system epss
scoring_elements 0.36237
published_at 2026-04-07T12:55:00Z
9
value 0.00155
scoring_system epss
scoring_elements 0.36287
published_at 2026-04-08T12:55:00Z
10
value 0.00155
scoring_system epss
scoring_elements 0.36309
published_at 2026-04-09T12:55:00Z
11
value 0.00155
scoring_system epss
scoring_elements 0.36315
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3288
1
reference_url https://hackerone.com/reports/1498354
reference_id 1498354
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:43:30Z/
url https://hackerone.com/reports/1498354
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/354948
reference_id 354948
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:43:30Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/354948
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3288.json
reference_id CVE-2022-3288.json
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:43:30Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3288.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3288
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kts-dur1-jfc6
79
url VCID-8scy-batx-u3gc
vulnerability_id VCID-8scy-batx-u3gc
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1188
reference_id
reference_type
scores
0
value 0.00325
scoring_system epss
scoring_elements 0.55388
published_at 2026-04-01T12:55:00Z
1
value 0.00325
scoring_system epss
scoring_elements 0.55499
published_at 2026-04-02T12:55:00Z
2
value 0.00325
scoring_system epss
scoring_elements 0.55524
published_at 2026-04-13T12:55:00Z
3
value 0.00325
scoring_system epss
scoring_elements 0.55501
published_at 2026-04-07T12:55:00Z
4
value 0.00325
scoring_system epss
scoring_elements 0.55552
published_at 2026-04-08T12:55:00Z
5
value 0.00325
scoring_system epss
scoring_elements 0.55553
published_at 2026-04-09T12:55:00Z
6
value 0.00325
scoring_system epss
scoring_elements 0.55562
published_at 2026-04-11T12:55:00Z
7
value 0.00325
scoring_system epss
scoring_elements 0.55542
published_at 2026-04-12T12:55:00Z
8
value 0.00325
scoring_system epss
scoring_elements 0.55561
published_at 2026-04-16T12:55:00Z
9
value 0.00325
scoring_system epss
scoring_elements 0.55565
published_at 2026-04-18T12:55:00Z
10
value 0.00325
scoring_system epss
scoring_elements 0.55543
published_at 2026-04-21T12:55:00Z
11
value 0.00325
scoring_system epss
scoring_elements 0.55468
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1188
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1188
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8scy-batx-u3gc
80
url VCID-91q4-53ex-4qfc
vulnerability_id VCID-91q4-53ex-4qfc
summary An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0477
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.40515
published_at 2026-04-01T12:55:00Z
1
value 0.00187
scoring_system epss
scoring_elements 0.40597
published_at 2026-04-02T12:55:00Z
2
value 0.00187
scoring_system epss
scoring_elements 0.40624
published_at 2026-04-11T12:55:00Z
3
value 0.00187
scoring_system epss
scoring_elements 0.40546
published_at 2026-04-07T12:55:00Z
4
value 0.00187
scoring_system epss
scoring_elements 0.40596
published_at 2026-04-08T12:55:00Z
5
value 0.00187
scoring_system epss
scoring_elements 0.40606
published_at 2026-04-09T12:55:00Z
6
value 0.00187
scoring_system epss
scoring_elements 0.40587
published_at 2026-04-12T12:55:00Z
7
value 0.00187
scoring_system epss
scoring_elements 0.40568
published_at 2026-04-13T12:55:00Z
8
value 0.00187
scoring_system epss
scoring_elements 0.40614
published_at 2026-04-16T12:55:00Z
9
value 0.00187
scoring_system epss
scoring_elements 0.40583
published_at 2026-04-18T12:55:00Z
10
value 0.00187
scoring_system epss
scoring_elements 0.40505
published_at 2026-04-21T12:55:00Z
11
value 0.00187
scoring_system epss
scoring_elements 0.40403
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0477
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0477
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91q4-53ex-4qfc
81
url VCID-92x8-rmhg-zuh6
vulnerability_id VCID-92x8-rmhg-zuh6
summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using another user's email address as an unverified secondary email.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2326
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.47788
published_at 2026-04-24T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47777
published_at 2026-04-02T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.47796
published_at 2026-04-12T12:55:00Z
3
value 0.00245
scoring_system epss
scoring_elements 0.47745
published_at 2026-04-07T12:55:00Z
4
value 0.00245
scoring_system epss
scoring_elements 0.478
published_at 2026-04-08T12:55:00Z
5
value 0.00245
scoring_system epss
scoring_elements 0.47795
published_at 2026-04-09T12:55:00Z
6
value 0.00245
scoring_system epss
scoring_elements 0.4782
published_at 2026-04-11T12:55:00Z
7
value 0.00245
scoring_system epss
scoring_elements 0.47806
published_at 2026-04-21T12:55:00Z
8
value 0.00245
scoring_system epss
scoring_elements 0.4786
published_at 2026-04-16T12:55:00Z
9
value 0.00245
scoring_system epss
scoring_elements 0.47853
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2326
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2326
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92x8-rmhg-zuh6
82
url VCID-94b4-ux8y-13c7
vulnerability_id VCID-94b4-ux8y-13c7
summary An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3018
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.4531
published_at 2026-04-24T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45451
published_at 2026-04-16T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45447
published_at 2026-04-18T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45397
published_at 2026-04-21T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45388
published_at 2026-04-02T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.45408
published_at 2026-04-04T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45351
published_at 2026-04-07T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.45407
published_at 2026-04-09T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45429
published_at 2026-04-11T12:55:00Z
9
value 0.00226
scoring_system epss
scoring_elements 0.45398
published_at 2026-04-12T12:55:00Z
10
value 0.00226
scoring_system epss
scoring_elements 0.454
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3018
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/360938
reference_id 360938
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:36:05Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/360938
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3018.json
reference_id CVE-2022-3018.json
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:36:05Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3018.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3018
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94b4-ux8y-13c7
83
url VCID-989x-8yn6-eqc8
vulnerability_id VCID-989x-8yn6-eqc8
summary A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39937
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35371
published_at 2026-04-24T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35511
published_at 2026-04-01T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35713
published_at 2026-04-02T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35738
published_at 2026-04-04T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35619
published_at 2026-04-07T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.35665
published_at 2026-04-08T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35688
published_at 2026-04-09T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35698
published_at 2026-04-11T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35653
published_at 2026-04-12T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35631
published_at 2026-04-13T12:55:00Z
10
value 0.00151
scoring_system epss
scoring_elements 0.3567
published_at 2026-04-16T12:55:00Z
11
value 0.00151
scoring_system epss
scoring_elements 0.35661
published_at 2026-04-18T12:55:00Z
12
value 0.00151
scoring_system epss
scoring_elements 0.35609
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39937
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39937
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-989x-8yn6-eqc8
84
url VCID-99uy-2jrp-u7cx
vulnerability_id VCID-99uy-2jrp-u7cx
summary Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39936
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.56857
published_at 2026-04-24T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.56802
published_at 2026-04-01T12:55:00Z
2
value 0.00342
scoring_system epss
scoring_elements 0.56896
published_at 2026-04-02T12:55:00Z
3
value 0.00342
scoring_system epss
scoring_elements 0.56918
published_at 2026-04-04T12:55:00Z
4
value 0.00342
scoring_system epss
scoring_elements 0.56894
published_at 2026-04-07T12:55:00Z
5
value 0.00342
scoring_system epss
scoring_elements 0.56946
published_at 2026-04-08T12:55:00Z
6
value 0.00342
scoring_system epss
scoring_elements 0.56949
published_at 2026-04-09T12:55:00Z
7
value 0.00342
scoring_system epss
scoring_elements 0.56957
published_at 2026-04-11T12:55:00Z
8
value 0.00342
scoring_system epss
scoring_elements 0.56937
published_at 2026-04-12T12:55:00Z
9
value 0.00342
scoring_system epss
scoring_elements 0.56914
published_at 2026-04-13T12:55:00Z
10
value 0.00342
scoring_system epss
scoring_elements 0.56943
published_at 2026-04-16T12:55:00Z
11
value 0.00342
scoring_system epss
scoring_elements 0.5694
published_at 2026-04-18T12:55:00Z
12
value 0.00342
scoring_system epss
scoring_elements 0.56917
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39936
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39936
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99uy-2jrp-u7cx
85
url VCID-9cvy-mzhc-ukhu
vulnerability_id VCID-9cvy-mzhc-ukhu
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2497
reference_id
reference_type
scores
0
value 0.0159
scoring_system epss
scoring_elements 0.81693
published_at 2026-04-24T12:55:00Z
1
value 0.0159
scoring_system epss
scoring_elements 0.81577
published_at 2026-04-02T12:55:00Z
2
value 0.0159
scoring_system epss
scoring_elements 0.81598
published_at 2026-04-04T12:55:00Z
3
value 0.0159
scoring_system epss
scoring_elements 0.81596
published_at 2026-04-07T12:55:00Z
4
value 0.0159
scoring_system epss
scoring_elements 0.81623
published_at 2026-04-08T12:55:00Z
5
value 0.0159
scoring_system epss
scoring_elements 0.81629
published_at 2026-04-13T12:55:00Z
6
value 0.0159
scoring_system epss
scoring_elements 0.81649
published_at 2026-04-11T12:55:00Z
7
value 0.0159
scoring_system epss
scoring_elements 0.81636
published_at 2026-04-12T12:55:00Z
8
value 0.0159
scoring_system epss
scoring_elements 0.81667
published_at 2026-04-16T12:55:00Z
9
value 0.0159
scoring_system epss
scoring_elements 0.81666
published_at 2026-04-18T12:55:00Z
10
value 0.0159
scoring_system epss
scoring_elements 0.8167
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2497
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2497
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9cvy-mzhc-ukhu
86
url VCID-9f4x-xbya-sqgu
vulnerability_id VCID-9f4x-xbya-sqgu
summary In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39870
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31204
published_at 2026-04-24T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31384
published_at 2026-04-01T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31521
published_at 2026-04-02T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.31563
published_at 2026-04-04T12:55:00Z
4
value 0.00123
scoring_system epss
scoring_elements 0.31381
published_at 2026-04-07T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.31434
published_at 2026-04-08T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31465
published_at 2026-04-09T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31468
published_at 2026-04-11T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31425
published_at 2026-04-12T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31389
published_at 2026-04-13T12:55:00Z
10
value 0.00123
scoring_system epss
scoring_elements 0.31422
published_at 2026-04-16T12:55:00Z
11
value 0.00123
scoring_system epss
scoring_elements 0.31402
published_at 2026-04-18T12:55:00Z
12
value 0.00123
scoring_system epss
scoring_elements 0.31373
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39870
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39870
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9f4x-xbya-sqgu
87
url VCID-9j1e-jgs8-pqcy
vulnerability_id VCID-9j1e-jgs8-pqcy
summary Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1936
reference_id
reference_type
scores
0
value 0.00168
scoring_system epss
scoring_elements 0.37891
published_at 2026-04-01T12:55:00Z
1
value 0.00168
scoring_system epss
scoring_elements 0.38052
published_at 2026-04-02T12:55:00Z
2
value 0.00168
scoring_system epss
scoring_elements 0.38076
published_at 2026-04-04T12:55:00Z
3
value 0.00168
scoring_system epss
scoring_elements 0.37958
published_at 2026-04-07T12:55:00Z
4
value 0.00168
scoring_system epss
scoring_elements 0.38008
published_at 2026-04-08T12:55:00Z
5
value 0.00168
scoring_system epss
scoring_elements 0.38019
published_at 2026-04-09T12:55:00Z
6
value 0.00168
scoring_system epss
scoring_elements 0.38036
published_at 2026-04-11T12:55:00Z
7
value 0.00168
scoring_system epss
scoring_elements 0.38
published_at 2026-04-18T12:55:00Z
8
value 0.00168
scoring_system epss
scoring_elements 0.37975
published_at 2026-04-13T12:55:00Z
9
value 0.00168
scoring_system epss
scoring_elements 0.3802
published_at 2026-04-16T12:55:00Z
10
value 0.00168
scoring_system epss
scoring_elements 0.37938
published_at 2026-04-21T12:55:00Z
11
value 0.00168
scoring_system epss
scoring_elements 0.37725
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1936
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1936
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9j1e-jgs8-pqcy
88
url VCID-9mm8-knzf-a3gb
vulnerability_id VCID-9mm8-knzf-a3gb
summary Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39945
reference_id
reference_type
scores
0
value 0.00244
scoring_system epss
scoring_elements 0.47679
published_at 2026-04-24T12:55:00Z
1
value 0.00244
scoring_system epss
scoring_elements 0.47628
published_at 2026-04-01T12:55:00Z
2
value 0.00244
scoring_system epss
scoring_elements 0.47666
published_at 2026-04-02T12:55:00Z
3
value 0.00244
scoring_system epss
scoring_elements 0.47687
published_at 2026-04-09T12:55:00Z
4
value 0.00244
scoring_system epss
scoring_elements 0.47636
published_at 2026-04-07T12:55:00Z
5
value 0.00244
scoring_system epss
scoring_elements 0.47691
published_at 2026-04-08T12:55:00Z
6
value 0.00244
scoring_system epss
scoring_elements 0.47711
published_at 2026-04-11T12:55:00Z
7
value 0.00244
scoring_system epss
scoring_elements 0.47688
published_at 2026-04-12T12:55:00Z
8
value 0.00244
scoring_system epss
scoring_elements 0.47697
published_at 2026-04-13T12:55:00Z
9
value 0.00244
scoring_system epss
scoring_elements 0.47753
published_at 2026-04-16T12:55:00Z
10
value 0.00244
scoring_system epss
scoring_elements 0.47746
published_at 2026-04-18T12:55:00Z
11
value 0.00244
scoring_system epss
scoring_elements 0.47698
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39945
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39945
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mm8-knzf-a3gb
89
url VCID-9nwv-15ru-q7an
vulnerability_id VCID-9nwv-15ru-q7an
summary When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1944
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.37061
published_at 2026-04-01T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.37227
published_at 2026-04-02T12:55:00Z
2
value 0.00162
scoring_system epss
scoring_elements 0.37254
published_at 2026-04-04T12:55:00Z
3
value 0.00162
scoring_system epss
scoring_elements 0.37085
published_at 2026-04-07T12:55:00Z
4
value 0.00162
scoring_system epss
scoring_elements 0.37137
published_at 2026-04-08T12:55:00Z
5
value 0.00162
scoring_system epss
scoring_elements 0.3715
published_at 2026-04-09T12:55:00Z
6
value 0.00162
scoring_system epss
scoring_elements 0.37161
published_at 2026-04-11T12:55:00Z
7
value 0.00162
scoring_system epss
scoring_elements 0.37126
published_at 2026-04-12T12:55:00Z
8
value 0.00162
scoring_system epss
scoring_elements 0.37099
published_at 2026-04-13T12:55:00Z
9
value 0.00162
scoring_system epss
scoring_elements 0.37146
published_at 2026-04-16T12:55:00Z
10
value 0.00162
scoring_system epss
scoring_elements 0.37128
published_at 2026-04-18T12:55:00Z
11
value 0.00162
scoring_system epss
scoring_elements 0.37072
published_at 2026-04-21T12:55:00Z
12
value 0.00162
scoring_system epss
scoring_elements 0.36847
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1944
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1944
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nwv-15ru-q7an
90
url VCID-9r8y-4a6r-77hu
vulnerability_id VCID-9r8y-4a6r-77hu
summary In all versions of GitLab, marshalled session keys were being stored in Redis.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22194
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.10361
published_at 2026-04-01T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.1048
published_at 2026-04-02T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.10548
published_at 2026-04-04T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.10413
published_at 2026-04-07T12:55:00Z
4
value 0.00036
scoring_system epss
scoring_elements 0.10486
published_at 2026-04-08T12:55:00Z
5
value 0.00036
scoring_system epss
scoring_elements 0.10554
published_at 2026-04-09T12:55:00Z
6
value 0.00036
scoring_system epss
scoring_elements 0.10583
published_at 2026-04-11T12:55:00Z
7
value 0.00036
scoring_system epss
scoring_elements 0.10551
published_at 2026-04-12T12:55:00Z
8
value 0.00036
scoring_system epss
scoring_elements 0.10528
published_at 2026-04-13T12:55:00Z
9
value 0.00036
scoring_system epss
scoring_elements 0.10394
published_at 2026-04-16T12:55:00Z
10
value 0.00036
scoring_system epss
scoring_elements 0.1038
published_at 2026-04-18T12:55:00Z
11
value 0.00036
scoring_system epss
scoring_elements 0.10508
published_at 2026-04-21T12:55:00Z
12
value 0.00036
scoring_system epss
scoring_elements 0.10493
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22194
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22194
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9r8y-4a6r-77hu
91
url VCID-9tyu-gmse-f3cj
vulnerability_id VCID-9tyu-gmse-f3cj
summary A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39887
reference_id
reference_type
scores
0
value 0.00202
scoring_system epss
scoring_elements 0.42194
published_at 2026-04-24T12:55:00Z
1
value 0.00202
scoring_system epss
scoring_elements 0.42251
published_at 2026-04-01T12:55:00Z
2
value 0.00202
scoring_system epss
scoring_elements 0.42326
published_at 2026-04-02T12:55:00Z
3
value 0.00202
scoring_system epss
scoring_elements 0.42354
published_at 2026-04-04T12:55:00Z
4
value 0.00202
scoring_system epss
scoring_elements 0.42296
published_at 2026-04-07T12:55:00Z
5
value 0.00202
scoring_system epss
scoring_elements 0.42344
published_at 2026-04-08T12:55:00Z
6
value 0.00202
scoring_system epss
scoring_elements 0.42351
published_at 2026-04-09T12:55:00Z
7
value 0.00202
scoring_system epss
scoring_elements 0.42374
published_at 2026-04-11T12:55:00Z
8
value 0.00202
scoring_system epss
scoring_elements 0.42337
published_at 2026-04-12T12:55:00Z
9
value 0.00202
scoring_system epss
scoring_elements 0.42309
published_at 2026-04-13T12:55:00Z
10
value 0.00202
scoring_system epss
scoring_elements 0.42359
published_at 2026-04-16T12:55:00Z
11
value 0.00202
scoring_system epss
scoring_elements 0.42335
published_at 2026-04-18T12:55:00Z
12
value 0.00202
scoring_system epss
scoring_elements 0.42262
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39887
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39887
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9tyu-gmse-f3cj
92
url VCID-9wuq-32s1-nydy
vulnerability_id VCID-9wuq-32s1-nydy
summary Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39915
reference_id
reference_type
scores
0
value 0.00269
scoring_system epss
scoring_elements 0.50394
published_at 2026-04-24T12:55:00Z
1
value 0.00269
scoring_system epss
scoring_elements 0.50338
published_at 2026-04-01T12:55:00Z
2
value 0.00269
scoring_system epss
scoring_elements 0.50393
published_at 2026-04-02T12:55:00Z
3
value 0.00269
scoring_system epss
scoring_elements 0.50423
published_at 2026-04-04T12:55:00Z
4
value 0.00269
scoring_system epss
scoring_elements 0.50375
published_at 2026-04-07T12:55:00Z
5
value 0.00269
scoring_system epss
scoring_elements 0.50429
published_at 2026-04-08T12:55:00Z
6
value 0.00269
scoring_system epss
scoring_elements 0.50422
published_at 2026-04-09T12:55:00Z
7
value 0.00269
scoring_system epss
scoring_elements 0.50463
published_at 2026-04-11T12:55:00Z
8
value 0.00269
scoring_system epss
scoring_elements 0.5044
published_at 2026-04-12T12:55:00Z
9
value 0.00269
scoring_system epss
scoring_elements 0.50425
published_at 2026-04-13T12:55:00Z
10
value 0.00269
scoring_system epss
scoring_elements 0.50468
published_at 2026-04-16T12:55:00Z
11
value 0.00269
scoring_system epss
scoring_elements 0.50472
published_at 2026-04-18T12:55:00Z
12
value 0.00269
scoring_system epss
scoring_elements 0.50449
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39915
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39915
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wuq-32s1-nydy
93
url VCID-9xax-zz2y-v7gf
vulnerability_id VCID-9xax-zz2y-v7gf
summary An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3478
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41616
published_at 2026-04-24T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.41758
published_at 2026-04-12T12:55:00Z
2
value 0.00197
scoring_system epss
scoring_elements 0.41744
published_at 2026-04-13T12:55:00Z
3
value 0.00197
scoring_system epss
scoring_elements 0.4179
published_at 2026-04-16T12:55:00Z
4
value 0.00197
scoring_system epss
scoring_elements 0.41764
published_at 2026-04-18T12:55:00Z
5
value 0.00197
scoring_system epss
scoring_elements 0.4169
published_at 2026-04-21T12:55:00Z
6
value 0.00197
scoring_system epss
scoring_elements 0.41753
published_at 2026-04-02T12:55:00Z
7
value 0.00197
scoring_system epss
scoring_elements 0.41782
published_at 2026-04-04T12:55:00Z
8
value 0.00197
scoring_system epss
scoring_elements 0.41709
published_at 2026-04-07T12:55:00Z
9
value 0.00197
scoring_system epss
scoring_elements 0.41759
published_at 2026-04-08T12:55:00Z
10
value 0.00197
scoring_system epss
scoring_elements 0.41768
published_at 2026-04-09T12:55:00Z
11
value 0.00197
scoring_system epss
scoring_elements 0.41791
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3478
1
reference_url https://hackerone.com/reports/1716296
reference_id 1716296
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:38Z/
url https://hackerone.com/reports/1716296
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/377788
reference_id 377788
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:38Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/377788
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3478.json
reference_id CVE-2022-3478.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:38Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3478.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3478
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xax-zz2y-v7gf
94
url VCID-a1fg-8rfu-zfhg
vulnerability_id VCID-a1fg-8rfu-zfhg
summary A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2904
reference_id
reference_type
scores
0
value 0.04916
scoring_system epss
scoring_elements 0.89637
published_at 2026-04-24T12:55:00Z
1
value 0.04916
scoring_system epss
scoring_elements 0.89619
published_at 2026-04-11T12:55:00Z
2
value 0.04916
scoring_system epss
scoring_elements 0.89618
published_at 2026-04-12T12:55:00Z
3
value 0.04916
scoring_system epss
scoring_elements 0.89625
published_at 2026-04-16T12:55:00Z
4
value 0.04916
scoring_system epss
scoring_elements 0.89627
published_at 2026-04-18T12:55:00Z
5
value 0.04916
scoring_system epss
scoring_elements 0.89622
published_at 2026-04-21T12:55:00Z
6
value 0.04916
scoring_system epss
scoring_elements 0.89576
published_at 2026-04-02T12:55:00Z
7
value 0.04916
scoring_system epss
scoring_elements 0.89589
published_at 2026-04-04T12:55:00Z
8
value 0.04916
scoring_system epss
scoring_elements 0.8959
published_at 2026-04-07T12:55:00Z
9
value 0.04916
scoring_system epss
scoring_elements 0.89606
published_at 2026-04-08T12:55:00Z
10
value 0.04916
scoring_system epss
scoring_elements 0.89612
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2904
1
reference_url https://hackerone.com/reports/1628009
reference_id 1628009
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:46:43Z/
url https://hackerone.com/reports/1628009
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/367408
reference_id 367408
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:46:43Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/367408
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2904.json
reference_id CVE-2022-2904.json
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:46:43Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2904.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2904
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a1fg-8rfu-zfhg
95
url VCID-a2bg-sm27-2kac
vulnerability_id VCID-a2bg-sm27-2kac
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4131
reference_id
reference_type
scores
0
value 0.00258
scoring_system epss
scoring_elements 0.49179
published_at 2026-04-21T12:55:00Z
1
value 0.00258
scoring_system epss
scoring_elements 0.49169
published_at 2026-04-24T12:55:00Z
2
value 0.00258
scoring_system epss
scoring_elements 0.49186
published_at 2026-04-11T12:55:00Z
3
value 0.00258
scoring_system epss
scoring_elements 0.4916
published_at 2026-04-12T12:55:00Z
4
value 0.00258
scoring_system epss
scoring_elements 0.49212
published_at 2026-04-16T12:55:00Z
5
value 0.00258
scoring_system epss
scoring_elements 0.4921
published_at 2026-04-18T12:55:00Z
6
value 0.00258
scoring_system epss
scoring_elements 0.49136
published_at 2026-04-02T12:55:00Z
7
value 0.00258
scoring_system epss
scoring_elements 0.49165
published_at 2026-04-13T12:55:00Z
8
value 0.00258
scoring_system epss
scoring_elements 0.49117
published_at 2026-04-07T12:55:00Z
9
value 0.00258
scoring_system epss
scoring_elements 0.49172
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4131
1
reference_url https://hackerone.com/reports/1772063
reference_id 1772063
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:25:32Z/
url https://hackerone.com/reports/1772063
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/383598
reference_id 383598
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:25:32Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/383598
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4131.json
reference_id CVE-2022-4131.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:25:32Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4131.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4131
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2bg-sm27-2kac
96
url VCID-a4kg-mmhm-jqhp
vulnerability_id VCID-a4kg-mmhm-jqhp
summary Due to an insecure direct object reference vulnerability in GitLab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issues only to project members.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1352
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43268
published_at 2026-04-24T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43289
published_at 2026-04-01T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43346
published_at 2026-04-02T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.43374
published_at 2026-04-04T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43312
published_at 2026-04-07T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.43364
published_at 2026-04-08T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.43379
published_at 2026-04-09T12:55:00Z
7
value 0.00209
scoring_system epss
scoring_elements 0.43399
published_at 2026-04-11T12:55:00Z
8
value 0.00209
scoring_system epss
scoring_elements 0.43367
published_at 2026-04-12T12:55:00Z
9
value 0.00209
scoring_system epss
scoring_elements 0.43352
published_at 2026-04-13T12:55:00Z
10
value 0.00209
scoring_system epss
scoring_elements 0.43411
published_at 2026-04-16T12:55:00Z
11
value 0.00209
scoring_system epss
scoring_elements 0.434
published_at 2026-04-18T12:55:00Z
12
value 0.00209
scoring_system epss
scoring_elements 0.43334
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1352
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1352
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4kg-mmhm-jqhp
97
url VCID-a6ef-nkmh-8ug5
vulnerability_id VCID-a6ef-nkmh-8ug5
summary In GitLab EE/CE before 15.6.1, 15.5.5 and 15.4.6, using a branch with a hexadecimal name could override an existing hash.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4205
reference_id
reference_type
scores
0
value 0.00082
scoring_system epss
scoring_elements 0.23995
published_at 2026-04-24T12:55:00Z
1
value 0.00082
scoring_system epss
scoring_elements 0.24157
published_at 2026-04-16T12:55:00Z
2
value 0.00082
scoring_system epss
scoring_elements 0.24143
published_at 2026-04-18T12:55:00Z
3
value 0.00082
scoring_system epss
scoring_elements 0.2412
published_at 2026-04-21T12:55:00Z
4
value 0.00082
scoring_system epss
scoring_elements 0.24292
published_at 2026-04-02T12:55:00Z
5
value 0.00082
scoring_system epss
scoring_elements 0.24326
published_at 2026-04-04T12:55:00Z
6
value 0.00082
scoring_system epss
scoring_elements 0.24113
published_at 2026-04-07T12:55:00Z
7
value 0.00082
scoring_system epss
scoring_elements 0.2418
published_at 2026-04-08T12:55:00Z
8
value 0.00082
scoring_system epss
scoring_elements 0.24225
published_at 2026-04-09T12:55:00Z
9
value 0.00082
scoring_system epss
scoring_elements 0.24241
published_at 2026-04-11T12:55:00Z
10
value 0.00082
scoring_system epss
scoring_elements 0.24199
published_at 2026-04-12T12:55:00Z
11
value 0.00082
scoring_system epss
scoring_elements 0.24142
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4205
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/374082
reference_id 374082
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:19:41Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/374082
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json
reference_id CVE-2022-4205.json
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:19:41Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4205
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6ef-nkmh-8ug5
98
url VCID-a6r2-gpzg-uqc3
vulnerability_id VCID-a6r2-gpzg-uqc3
summary An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering of the number of requests to read commit details.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1072
reference_id
reference_type
scores
0
value 0.00425
scoring_system epss
scoring_elements 0.62278
published_at 2026-04-24T12:55:00Z
1
value 0.00425
scoring_system epss
scoring_elements 0.62277
published_at 2026-04-16T12:55:00Z
2
value 0.00425
scoring_system epss
scoring_elements 0.62284
published_at 2026-04-18T12:55:00Z
3
value 0.00425
scoring_system epss
scoring_elements 0.62269
published_at 2026-04-21T12:55:00Z
4
value 0.00425
scoring_system epss
scoring_elements 0.6218
published_at 2026-04-02T12:55:00Z
5
value 0.00425
scoring_system epss
scoring_elements 0.62211
published_at 2026-04-04T12:55:00Z
6
value 0.00425
scoring_system epss
scoring_elements 0.62178
published_at 2026-04-07T12:55:00Z
7
value 0.00425
scoring_system epss
scoring_elements 0.62228
published_at 2026-04-08T12:55:00Z
8
value 0.00425
scoring_system epss
scoring_elements 0.62246
published_at 2026-04-09T12:55:00Z
9
value 0.00425
scoring_system epss
scoring_elements 0.62264
published_at 2026-04-11T12:55:00Z
10
value 0.00425
scoring_system epss
scoring_elements 0.62253
published_at 2026-04-12T12:55:00Z
11
value 0.00425
scoring_system epss
scoring_elements 0.62232
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1072
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/219619
reference_id 219619
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:32:50Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/219619
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json
reference_id CVE-2023-1072.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:32:50Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1072
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6r2-gpzg-uqc3
99
url VCID-a8mk-ywzj-xbhx
vulnerability_id VCID-a8mk-ywzj-xbhx
summary An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22176
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26676
published_at 2026-04-01T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26724
published_at 2026-04-02T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26766
published_at 2026-04-04T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26552
published_at 2026-04-07T12:55:00Z
4
value 0.00096
scoring_system epss
scoring_elements 0.2662
published_at 2026-04-08T12:55:00Z
5
value 0.00096
scoring_system epss
scoring_elements 0.2667
published_at 2026-04-09T12:55:00Z
6
value 0.00096
scoring_system epss
scoring_elements 0.26675
published_at 2026-04-11T12:55:00Z
7
value 0.00096
scoring_system epss
scoring_elements 0.2663
published_at 2026-04-12T12:55:00Z
8
value 0.00096
scoring_system epss
scoring_elements 0.26572
published_at 2026-04-13T12:55:00Z
9
value 0.00096
scoring_system epss
scoring_elements 0.26578
published_at 2026-04-16T12:55:00Z
10
value 0.00096
scoring_system epss
scoring_elements 0.26551
published_at 2026-04-18T12:55:00Z
11
value 0.00096
scoring_system epss
scoring_elements 0.26511
published_at 2026-04-21T12:55:00Z
12
value 0.00096
scoring_system epss
scoring_elements 0.26451
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22176
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22176
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8mk-ywzj-xbhx
100
url VCID-ad6q-uvub-77ff
vulnerability_id VCID-ad6q-uvub-77ff
summary An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using GraphQL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22228
reference_id
reference_type
scores
0
value 0.00231
scoring_system epss
scoring_elements 0.45856
published_at 2026-04-24T12:55:00Z
1
value 0.00231
scoring_system epss
scoring_elements 0.45843
published_at 2026-04-01T12:55:00Z
2
value 0.00231
scoring_system epss
scoring_elements 0.45891
published_at 2026-04-02T12:55:00Z
3
value 0.00231
scoring_system epss
scoring_elements 0.45911
published_at 2026-04-04T12:55:00Z
4
value 0.00231
scoring_system epss
scoring_elements 0.45861
published_at 2026-04-07T12:55:00Z
5
value 0.00231
scoring_system epss
scoring_elements 0.45917
published_at 2026-04-08T12:55:00Z
6
value 0.00231
scoring_system epss
scoring_elements 0.45914
published_at 2026-04-09T12:55:00Z
7
value 0.00231
scoring_system epss
scoring_elements 0.45937
published_at 2026-04-11T12:55:00Z
8
value 0.00231
scoring_system epss
scoring_elements 0.45908
published_at 2026-04-12T12:55:00Z
9
value 0.00231
scoring_system epss
scoring_elements 0.45915
published_at 2026-04-13T12:55:00Z
10
value 0.00231
scoring_system epss
scoring_elements 0.45967
published_at 2026-04-16T12:55:00Z
11
value 0.00231
scoring_system epss
scoring_elements 0.45962
published_at 2026-04-18T12:55:00Z
12
value 0.00231
scoring_system epss
scoring_elements 0.45907
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22228
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22228
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad6q-uvub-77ff
101
url VCID-ayqz-bvxk-ckdx
vulnerability_id VCID-ayqz-bvxk-ckdx
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1963
reference_id
reference_type
scores
0
value 0.01166
scoring_system epss
scoring_elements 0.78586
published_at 2026-04-01T12:55:00Z
1
value 0.01166
scoring_system epss
scoring_elements 0.78593
published_at 2026-04-02T12:55:00Z
2
value 0.01166
scoring_system epss
scoring_elements 0.78623
published_at 2026-04-04T12:55:00Z
3
value 0.01166
scoring_system epss
scoring_elements 0.78604
published_at 2026-04-07T12:55:00Z
4
value 0.01166
scoring_system epss
scoring_elements 0.7863
published_at 2026-04-08T12:55:00Z
5
value 0.01166
scoring_system epss
scoring_elements 0.78637
published_at 2026-04-09T12:55:00Z
6
value 0.01166
scoring_system epss
scoring_elements 0.78661
published_at 2026-04-11T12:55:00Z
7
value 0.01166
scoring_system epss
scoring_elements 0.78643
published_at 2026-04-12T12:55:00Z
8
value 0.01166
scoring_system epss
scoring_elements 0.78636
published_at 2026-04-13T12:55:00Z
9
value 0.01166
scoring_system epss
scoring_elements 0.78665
published_at 2026-04-16T12:55:00Z
10
value 0.01166
scoring_system epss
scoring_elements 0.78662
published_at 2026-04-18T12:55:00Z
11
value 0.01166
scoring_system epss
scoring_elements 0.78659
published_at 2026-04-21T12:55:00Z
12
value 0.01166
scoring_system epss
scoring_elements 0.78689
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1963
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1963
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ayqz-bvxk-ckdx
102
url VCID-b1et-bsq2-cyfn
vulnerability_id VCID-b1et-bsq2-cyfn
summary An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in a specific project page allow an attacker to have temporary read access to the private repository.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22167
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48037
published_at 2026-04-24T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.47985
published_at 2026-04-01T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48023
published_at 2026-04-02T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-04T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.47994
published_at 2026-04-07T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48047
published_at 2026-04-08T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.4804
published_at 2026-04-09T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48065
published_at 2026-04-11T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48041
published_at 2026-04-12T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48053
published_at 2026-04-13T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48105
published_at 2026-04-16T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.481
published_at 2026-04-18T12:55:00Z
12
value 0.00248
scoring_system epss
scoring_elements 0.48056
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22167
1
reference_url https://security.archlinux.org/ASA-202101-10
reference_id ASA-202101-10
reference_type
scores
url https://security.archlinux.org/ASA-202101-10
2
reference_url https://security.archlinux.org/AVG-1416
reference_id AVG-1416
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1416
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22167
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1et-bsq2-cyfn
103
url VCID-b2qs-yzq6-jufu
vulnerability_id VCID-b2qs-yzq6-jufu
summary An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the URL. This addresses an incomplete fix for CVE-2022-4342.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0838
reference_id
reference_type
scores
0
value 0.00822
scoring_system epss
scoring_elements 0.74408
published_at 2026-04-08T12:55:00Z
1
value 0.00822
scoring_system epss
scoring_elements 0.74453
published_at 2026-04-21T12:55:00Z
2
value 0.00822
scoring_system epss
scoring_elements 0.74463
published_at 2026-04-18T12:55:00Z
3
value 0.00822
scoring_system epss
scoring_elements 0.74454
published_at 2026-04-16T12:55:00Z
4
value 0.00822
scoring_system epss
scoring_elements 0.74417
published_at 2026-04-13T12:55:00Z
5
value 0.00822
scoring_system epss
scoring_elements 0.74426
published_at 2026-04-12T12:55:00Z
6
value 0.00822
scoring_system epss
scoring_elements 0.74446
published_at 2026-04-11T12:55:00Z
7
value 0.00822
scoring_system epss
scoring_elements 0.74424
published_at 2026-04-09T12:55:00Z
8
value 0.00822
scoring_system epss
scoring_elements 0.74375
published_at 2026-04-07T12:55:00Z
9
value 0.00954
scoring_system epss
scoring_elements 0.76477
published_at 2026-04-24T12:55:00Z
10
value 0.01016
scoring_system epss
scoring_elements 0.7714
published_at 2026-04-04T12:55:00Z
11
value 0.01016
scoring_system epss
scoring_elements 0.77111
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0838
1
reference_url https://hackerone.com/reports/1871136
reference_id 1871136
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:59:35Z/
url https://hackerone.com/reports/1871136
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/391685
reference_id 391685
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:59:35Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/391685
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0838.json
reference_id CVE-2023-0838.json
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:59:35Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0838.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0838
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2qs-yzq6-jufu
104
url VCID-b4ff-s1xj-27fx
vulnerability_id VCID-b4ff-s1xj-27fx
summary In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39875
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53231
published_at 2026-04-24T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53153
published_at 2026-04-01T12:55:00Z
2
value 0.00299
scoring_system epss
scoring_elements 0.53177
published_at 2026-04-02T12:55:00Z
3
value 0.00299
scoring_system epss
scoring_elements 0.53202
published_at 2026-04-04T12:55:00Z
4
value 0.00299
scoring_system epss
scoring_elements 0.53169
published_at 2026-04-07T12:55:00Z
5
value 0.00299
scoring_system epss
scoring_elements 0.53222
published_at 2026-04-08T12:55:00Z
6
value 0.00299
scoring_system epss
scoring_elements 0.53216
published_at 2026-04-09T12:55:00Z
7
value 0.00299
scoring_system epss
scoring_elements 0.53267
published_at 2026-04-11T12:55:00Z
8
value 0.00299
scoring_system epss
scoring_elements 0.53253
published_at 2026-04-12T12:55:00Z
9
value 0.00299
scoring_system epss
scoring_elements 0.53236
published_at 2026-04-13T12:55:00Z
10
value 0.00299
scoring_system epss
scoring_elements 0.53273
published_at 2026-04-16T12:55:00Z
11
value 0.00299
scoring_system epss
scoring_elements 0.53279
published_at 2026-04-18T12:55:00Z
12
value 0.00299
scoring_system epss
scoring_elements 0.5326
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39875
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39875
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4ff-s1xj-27fx
105
url VCID-bakk-7gzs-sfd8
vulnerability_id VCID-bakk-7gzs-sfd8
summary A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22181
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.3811
published_at 2026-04-24T12:55:00Z
1
value 0.00171
scoring_system epss
scoring_elements 0.38269
published_at 2026-04-01T12:55:00Z
2
value 0.00171
scoring_system epss
scoring_elements 0.38405
published_at 2026-04-02T12:55:00Z
3
value 0.00171
scoring_system epss
scoring_elements 0.38428
published_at 2026-04-04T12:55:00Z
4
value 0.00171
scoring_system epss
scoring_elements 0.38292
published_at 2026-04-07T12:55:00Z
5
value 0.00171
scoring_system epss
scoring_elements 0.38343
published_at 2026-04-08T12:55:00Z
6
value 0.00171
scoring_system epss
scoring_elements 0.38351
published_at 2026-04-09T12:55:00Z
7
value 0.00171
scoring_system epss
scoring_elements 0.38368
published_at 2026-04-11T12:55:00Z
8
value 0.00171
scoring_system epss
scoring_elements 0.38331
published_at 2026-04-12T12:55:00Z
9
value 0.00171
scoring_system epss
scoring_elements 0.38306
published_at 2026-04-13T12:55:00Z
10
value 0.00171
scoring_system epss
scoring_elements 0.38354
published_at 2026-04-16T12:55:00Z
11
value 0.00171
scoring_system epss
scoring_elements 0.38332
published_at 2026-04-18T12:55:00Z
12
value 0.00171
scoring_system epss
scoring_elements 0.38268
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22181
1
reference_url https://security.archlinux.org/ASA-202106-21
reference_id ASA-202106-21
reference_type
scores
url https://security.archlinux.org/ASA-202106-21
2
reference_url https://security.archlinux.org/AVG-2023
reference_id AVG-2023
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2023
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22181
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bakk-7gzs-sfd8
106
url VCID-bbhu-jsan-33hp
vulnerability_id VCID-bbhu-jsan-33hp
summary Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22245
reference_id
reference_type
scores
0
value 0.00404
scoring_system epss
scoring_elements 0.60804
published_at 2026-04-01T12:55:00Z
1
value 0.00404
scoring_system epss
scoring_elements 0.60877
published_at 2026-04-02T12:55:00Z
2
value 0.00404
scoring_system epss
scoring_elements 0.60905
published_at 2026-04-04T12:55:00Z
3
value 0.00404
scoring_system epss
scoring_elements 0.6087
published_at 2026-04-07T12:55:00Z
4
value 0.00404
scoring_system epss
scoring_elements 0.60919
published_at 2026-04-08T12:55:00Z
5
value 0.00404
scoring_system epss
scoring_elements 0.60935
published_at 2026-04-09T12:55:00Z
6
value 0.00404
scoring_system epss
scoring_elements 0.60957
published_at 2026-04-11T12:55:00Z
7
value 0.00404
scoring_system epss
scoring_elements 0.60943
published_at 2026-04-12T12:55:00Z
8
value 0.00404
scoring_system epss
scoring_elements 0.60924
published_at 2026-04-13T12:55:00Z
9
value 0.00404
scoring_system epss
scoring_elements 0.60965
published_at 2026-04-16T12:55:00Z
10
value 0.00404
scoring_system epss
scoring_elements 0.60971
published_at 2026-04-18T12:55:00Z
11
value 0.00404
scoring_system epss
scoring_elements 0.60956
published_at 2026-04-21T12:55:00Z
12
value 0.00404
scoring_system epss
scoring_elements 0.60947
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22245
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22245
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbhu-jsan-33hp
107
url VCID-bk4j-xsv9-3fh7
vulnerability_id VCID-bk4j-xsv9-3fh7
summary An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3486
reference_id
reference_type
scores
0
value 0.00381
scoring_system epss
scoring_elements 0.59534
published_at 2026-04-24T12:55:00Z
1
value 0.00381
scoring_system epss
scoring_elements 0.59559
published_at 2026-04-12T12:55:00Z
2
value 0.00381
scoring_system epss
scoring_elements 0.5954
published_at 2026-04-13T12:55:00Z
3
value 0.00381
scoring_system epss
scoring_elements 0.59573
published_at 2026-04-16T12:55:00Z
4
value 0.00381
scoring_system epss
scoring_elements 0.5958
published_at 2026-04-18T12:55:00Z
5
value 0.00381
scoring_system epss
scoring_elements 0.59561
published_at 2026-04-21T12:55:00Z
6
value 0.00381
scoring_system epss
scoring_elements 0.595
published_at 2026-04-02T12:55:00Z
7
value 0.00381
scoring_system epss
scoring_elements 0.59525
published_at 2026-04-04T12:55:00Z
8
value 0.00381
scoring_system epss
scoring_elements 0.59493
published_at 2026-04-07T12:55:00Z
9
value 0.00381
scoring_system epss
scoring_elements 0.59544
published_at 2026-04-08T12:55:00Z
10
value 0.00381
scoring_system epss
scoring_elements 0.59556
published_at 2026-04-09T12:55:00Z
11
value 0.00381
scoring_system epss
scoring_elements 0.59575
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3486
1
reference_url https://hackerone.com/reports/1725190
reference_id 1725190
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:27:47Z/
url https://hackerone.com/reports/1725190
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/377810
reference_id 377810
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:27:47Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/377810
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json
reference_id CVE-2022-3486.json
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:27:47Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3486
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bk4j-xsv9-3fh7
108
url VCID-buuk-gsy3-w7bp
vulnerability_id VCID-buuk-gsy3-w7bp
summary In all versions of GitLab CE/EE starting from version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged, which may lead to information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39919
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.20681
published_at 2026-04-24T12:55:00Z
1
value 0.00068
scoring_system epss
scoring_elements 0.20853
published_at 2026-04-08T12:55:00Z
2
value 0.00068
scoring_system epss
scoring_elements 0.21004
published_at 2026-04-02T12:55:00Z
3
value 0.00068
scoring_system epss
scoring_elements 0.2106
published_at 2026-04-04T12:55:00Z
4
value 0.00068
scoring_system epss
scoring_elements 0.20774
published_at 2026-04-07T12:55:00Z
5
value 0.00068
scoring_system epss
scoring_elements 0.20915
published_at 2026-04-09T12:55:00Z
6
value 0.00068
scoring_system epss
scoring_elements 0.20931
published_at 2026-04-11T12:55:00Z
7
value 0.00068
scoring_system epss
scoring_elements 0.20887
published_at 2026-04-12T12:55:00Z
8
value 0.00068
scoring_system epss
scoring_elements 0.20836
published_at 2026-04-13T12:55:00Z
9
value 0.00068
scoring_system epss
scoring_elements 0.20826
published_at 2026-04-16T12:55:00Z
10
value 0.00068
scoring_system epss
scoring_elements 0.20818
published_at 2026-04-18T12:55:00Z
11
value 0.00068
scoring_system epss
scoring_elements 0.208
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39919
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39919
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-buuk-gsy3-w7bp
109
url VCID-bvmd-gmg3-eue2
vulnerability_id VCID-bvmd-gmg3-eue2
summary An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed a user to authenticate without a personal access token.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1426
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42106
published_at 2026-04-24T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42157
published_at 2026-04-01T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42215
published_at 2026-04-02T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.42244
published_at 2026-04-09T12:55:00Z
4
value 0.00201
scoring_system epss
scoring_elements 0.42186
published_at 2026-04-07T12:55:00Z
5
value 0.00201
scoring_system epss
scoring_elements 0.42236
published_at 2026-04-08T12:55:00Z
6
value 0.00201
scoring_system epss
scoring_elements 0.42267
published_at 2026-04-11T12:55:00Z
7
value 0.00201
scoring_system epss
scoring_elements 0.42231
published_at 2026-04-12T12:55:00Z
8
value 0.00201
scoring_system epss
scoring_elements 0.42202
published_at 2026-04-13T12:55:00Z
9
value 0.00201
scoring_system epss
scoring_elements 0.42253
published_at 2026-04-16T12:55:00Z
10
value 0.00201
scoring_system epss
scoring_elements 0.42228
published_at 2026-04-18T12:55:00Z
11
value 0.00201
scoring_system epss
scoring_elements 0.4216
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1426
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1426
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvmd-gmg3-eue2
110
url VCID-bzyn-9qku-1qh2
vulnerability_id VCID-bzyn-9qku-1qh2
summary An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2533
reference_id
reference_type
scores
0
value 0.0016
scoring_system epss
scoring_elements 0.36993
published_at 2026-04-02T12:55:00Z
1
value 0.0016
scoring_system epss
scoring_elements 0.37027
published_at 2026-04-04T12:55:00Z
2
value 0.0016
scoring_system epss
scoring_elements 0.36855
published_at 2026-04-07T12:55:00Z
3
value 0.0016
scoring_system epss
scoring_elements 0.36906
published_at 2026-04-08T12:55:00Z
4
value 0.0016
scoring_system epss
scoring_elements 0.36921
published_at 2026-04-09T12:55:00Z
5
value 0.0016
scoring_system epss
scoring_elements 0.36929
published_at 2026-04-11T12:55:00Z
6
value 0.00169
scoring_system epss
scoring_elements 0.38111
published_at 2026-04-16T12:55:00Z
7
value 0.00169
scoring_system epss
scoring_elements 0.38091
published_at 2026-04-18T12:55:00Z
8
value 0.00169
scoring_system epss
scoring_elements 0.38028
published_at 2026-04-21T12:55:00Z
9
value 0.00169
scoring_system epss
scoring_elements 0.37813
published_at 2026-04-24T12:55:00Z
10
value 0.00169
scoring_system epss
scoring_elements 0.3809
published_at 2026-04-12T12:55:00Z
11
value 0.00169
scoring_system epss
scoring_elements 0.38066
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2533
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/363863
reference_id 363863
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T19:31:57Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/363863
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2533.json
reference_id CVE-2022-2533.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T19:31:57Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2533.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2533
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bzyn-9qku-1qh2
111
url VCID-c8pt-xn2d-9kbu
vulnerability_id VCID-c8pt-xn2d-9kbu
summary An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3820
reference_id
reference_type
scores
0
value 0.00116
scoring_system epss
scoring_elements 0.30213
published_at 2026-04-24T12:55:00Z
1
value 0.00116
scoring_system epss
scoring_elements 0.30339
published_at 2026-04-16T12:55:00Z
2
value 0.00116
scoring_system epss
scoring_elements 0.30321
published_at 2026-04-18T12:55:00Z
3
value 0.00116
scoring_system epss
scoring_elements 0.30276
published_at 2026-04-21T12:55:00Z
4
value 0.00116
scoring_system epss
scoring_elements 0.30462
published_at 2026-04-02T12:55:00Z
5
value 0.00116
scoring_system epss
scoring_elements 0.30509
published_at 2026-04-04T12:55:00Z
6
value 0.00116
scoring_system epss
scoring_elements 0.30319
published_at 2026-04-07T12:55:00Z
7
value 0.00116
scoring_system epss
scoring_elements 0.30378
published_at 2026-04-08T12:55:00Z
8
value 0.00116
scoring_system epss
scoring_elements 0.30413
published_at 2026-04-09T12:55:00Z
9
value 0.00116
scoring_system epss
scoring_elements 0.30415
published_at 2026-04-11T12:55:00Z
10
value 0.00116
scoring_system epss
scoring_elements 0.30371
published_at 2026-04-12T12:55:00Z
11
value 0.00116
scoring_system epss
scoring_elements 0.30323
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3820
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/378638
reference_id 378638
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T15:02:02Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/378638
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json
reference_id CVE-2022-3820.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T15:02:02Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3820
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8pt-xn2d-9kbu
112
url VCID-ccmp-4xq2-ayau
vulnerability_id VCID-ccmp-4xq2-ayau
summary A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39877
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39109
published_at 2026-04-24T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39237
published_at 2026-04-01T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39405
published_at 2026-04-02T12:55:00Z
3
value 0.00178
scoring_system epss
scoring_elements 0.39428
published_at 2026-04-04T12:55:00Z
4
value 0.00178
scoring_system epss
scoring_elements 0.39343
published_at 2026-04-07T12:55:00Z
5
value 0.00178
scoring_system epss
scoring_elements 0.39398
published_at 2026-04-08T12:55:00Z
6
value 0.00178
scoring_system epss
scoring_elements 0.39415
published_at 2026-04-09T12:55:00Z
7
value 0.00178
scoring_system epss
scoring_elements 0.39426
published_at 2026-04-11T12:55:00Z
8
value 0.00178
scoring_system epss
scoring_elements 0.39387
published_at 2026-04-12T12:55:00Z
9
value 0.00178
scoring_system epss
scoring_elements 0.39369
published_at 2026-04-13T12:55:00Z
10
value 0.00178
scoring_system epss
scoring_elements 0.39421
published_at 2026-04-16T12:55:00Z
11
value 0.00178
scoring_system epss
scoring_elements 0.39392
published_at 2026-04-18T12:55:00Z
12
value 0.00178
scoring_system epss
scoring_elements 0.39306
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39877
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39877
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ccmp-4xq2-ayau
113
url VCID-cdn5-zfvg-37a2
vulnerability_id VCID-cdn5-zfvg-37a2
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2442
reference_id
reference_type
scores
0
value 0.84363
scoring_system epss
scoring_elements 0.99326
published_at 2026-04-24T12:55:00Z
1
value 0.84363
scoring_system epss
scoring_elements 0.99321
published_at 2026-04-09T12:55:00Z
2
value 0.84363
scoring_system epss
scoring_elements 0.99322
published_at 2026-04-11T12:55:00Z
3
value 0.84363
scoring_system epss
scoring_elements 0.99323
published_at 2026-04-13T12:55:00Z
4
value 0.84363
scoring_system epss
scoring_elements 0.99325
published_at 2026-04-18T12:55:00Z
5
value 0.84363
scoring_system epss
scoring_elements 0.99324
published_at 2026-04-21T12:55:00Z
6
value 0.84363
scoring_system epss
scoring_elements 0.99316
published_at 2026-04-02T12:55:00Z
7
value 0.84363
scoring_system epss
scoring_elements 0.99318
published_at 2026-04-04T12:55:00Z
8
value 0.84363
scoring_system epss
scoring_elements 0.99319
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2442
1
reference_url https://hackerone.com/reports/1965750
reference_id 1965750
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-07T16:29:40Z/
url https://hackerone.com/reports/1965750
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/409346
reference_id 409346
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-07T16:29:40Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/409346
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2442.json
reference_id CVE-2023-2442.json
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-07T16:29:40Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2442.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2442
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdn5-zfvg-37a2
114
url VCID-cjtt-uq2f-hbd5
vulnerability_id VCID-cjtt-uq2f-hbd5
summary Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22172
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.48873
published_at 2026-04-24T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.48813
published_at 2026-04-01T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.4885
published_at 2026-04-02T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.48876
published_at 2026-04-04T12:55:00Z
4
value 0.00255
scoring_system epss
scoring_elements 0.4883
published_at 2026-04-07T12:55:00Z
5
value 0.00255
scoring_system epss
scoring_elements 0.48884
published_at 2026-04-08T12:55:00Z
6
value 0.00255
scoring_system epss
scoring_elements 0.48881
published_at 2026-04-09T12:55:00Z
7
value 0.00255
scoring_system epss
scoring_elements 0.48897
published_at 2026-04-11T12:55:00Z
8
value 0.00255
scoring_system epss
scoring_elements 0.48872
published_at 2026-04-12T12:55:00Z
9
value 0.00255
scoring_system epss
scoring_elements 0.4888
published_at 2026-04-13T12:55:00Z
10
value 0.00255
scoring_system epss
scoring_elements 0.48928
published_at 2026-04-16T12:55:00Z
11
value 0.00255
scoring_system epss
scoring_elements 0.48924
published_at 2026-04-18T12:55:00Z
12
value 0.00255
scoring_system epss
scoring_elements 0.48885
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22172
1
reference_url https://security.archlinux.org/ASA-202102-11
reference_id ASA-202102-11
reference_type
scores
url https://security.archlinux.org/ASA-202102-11
2
reference_url https://security.archlinux.org/AVG-1521
reference_id AVG-1521
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1521
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22172
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjtt-uq2f-hbd5
115
url VCID-ckry-v723-n7en
vulnerability_id VCID-ckry-v723-n7en
summary In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39894
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37239
published_at 2026-04-24T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37411
published_at 2026-04-01T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37577
published_at 2026-04-02T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37601
published_at 2026-04-04T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37478
published_at 2026-04-07T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.37529
published_at 2026-04-08T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37542
published_at 2026-04-16T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.37556
published_at 2026-04-11T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.37521
published_at 2026-04-12T12:55:00Z
9
value 0.00165
scoring_system epss
scoring_elements 0.37495
published_at 2026-04-13T12:55:00Z
10
value 0.00165
scoring_system epss
scoring_elements 0.37523
published_at 2026-04-18T12:55:00Z
11
value 0.00165
scoring_system epss
scoring_elements 0.37459
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39894
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39894
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckry-v723-n7en
116
url VCID-crxk-a6uc-a7gh
vulnerability_id VCID-crxk-a6uc-a7gh
summary A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0921
reference_id
reference_type
scores
0
value 0.21458
scoring_system epss
scoring_elements 0.95725
published_at 2026-04-24T12:55:00Z
1
value 0.21458
scoring_system epss
scoring_elements 0.95708
published_at 2026-04-12T12:55:00Z
2
value 0.21458
scoring_system epss
scoring_elements 0.95709
published_at 2026-04-13T12:55:00Z
3
value 0.21458
scoring_system epss
scoring_elements 0.95718
published_at 2026-04-16T12:55:00Z
4
value 0.21458
scoring_system epss
scoring_elements 0.95722
published_at 2026-04-18T12:55:00Z
5
value 0.21458
scoring_system epss
scoring_elements 0.95723
published_at 2026-04-21T12:55:00Z
6
value 0.21458
scoring_system epss
scoring_elements 0.95684
published_at 2026-04-02T12:55:00Z
7
value 0.21458
scoring_system epss
scoring_elements 0.95689
published_at 2026-04-04T12:55:00Z
8
value 0.21458
scoring_system epss
scoring_elements 0.95692
published_at 2026-04-07T12:55:00Z
9
value 0.21458
scoring_system epss
scoring_elements 0.957
published_at 2026-04-08T12:55:00Z
10
value 0.21458
scoring_system epss
scoring_elements 0.95704
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0921
1
reference_url https://hackerone.com/reports/1869839
reference_id 1869839
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:41:02Z/
url https://hackerone.com/reports/1869839
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/392433
reference_id 392433
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:41:02Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/392433
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json
reference_id CVE-2023-0921.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:41:02Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0921
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crxk-a6uc-a7gh
117
url VCID-ctkx-akra-t3bt
vulnerability_id VCID-ctkx-akra-t3bt
summary An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4143
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43575
published_at 2026-04-02T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.43605
published_at 2026-04-09T12:55:00Z
2
value 0.00211
scoring_system epss
scoring_elements 0.43623
published_at 2026-04-11T12:55:00Z
3
value 0.00211
scoring_system epss
scoring_elements 0.43592
published_at 2026-04-12T12:55:00Z
4
value 0.00211
scoring_system epss
scoring_elements 0.43576
published_at 2026-04-13T12:55:00Z
5
value 0.00211
scoring_system epss
scoring_elements 0.43637
published_at 2026-04-16T12:55:00Z
6
value 0.00211
scoring_system epss
scoring_elements 0.43626
published_at 2026-04-18T12:55:00Z
7
value 0.00211
scoring_system epss
scoring_elements 0.43561
published_at 2026-04-21T12:55:00Z
8
value 0.00211
scoring_system epss
scoring_elements 0.43602
published_at 2026-04-04T12:55:00Z
9
value 0.00211
scoring_system epss
scoring_elements 0.43539
published_at 2026-04-07T12:55:00Z
10
value 0.00211
scoring_system epss
scoring_elements 0.4359
published_at 2026-04-08T12:55:00Z
11
value 0.00213
scoring_system epss
scoring_elements 0.43776
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4143
1
reference_url https://hackerone.com/reports/1767639
reference_id 1767639
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-03T19:58:44Z/
url https://hackerone.com/reports/1767639
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/383776
reference_id 383776
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-03T19:58:44Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/383776
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json
reference_id CVE-2022-4143.json
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-03T19:58:44Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4143
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctkx-akra-t3bt
118
url VCID-cxuk-gqse-mkf9
vulnerability_id VCID-cxuk-gqse-mkf9
summary A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4206
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.35912
published_at 2026-04-24T12:55:00Z
1
value 0.00154
scoring_system epss
scoring_elements 0.3621
published_at 2026-04-16T12:55:00Z
2
value 0.00154
scoring_system epss
scoring_elements 0.36194
published_at 2026-04-18T12:55:00Z
3
value 0.00154
scoring_system epss
scoring_elements 0.36143
published_at 2026-04-21T12:55:00Z
4
value 0.00154
scoring_system epss
scoring_elements 0.3629
published_at 2026-04-02T12:55:00Z
5
value 0.00154
scoring_system epss
scoring_elements 0.36323
published_at 2026-04-04T12:55:00Z
6
value 0.00154
scoring_system epss
scoring_elements 0.36157
published_at 2026-04-07T12:55:00Z
7
value 0.00154
scoring_system epss
scoring_elements 0.36208
published_at 2026-04-08T12:55:00Z
8
value 0.00154
scoring_system epss
scoring_elements 0.36225
published_at 2026-04-09T12:55:00Z
9
value 0.00154
scoring_system epss
scoring_elements 0.3623
published_at 2026-04-11T12:55:00Z
10
value 0.00154
scoring_system epss
scoring_elements 0.36193
published_at 2026-04-12T12:55:00Z
11
value 0.00154
scoring_system epss
scoring_elements 0.36168
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4206
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/383083
reference_id 383083
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:43:00Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/383083
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4206.json
reference_id CVE-2022-4206.json
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:43:00Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4206.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4206
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxuk-gqse-mkf9
119
url VCID-d1vm-nxpd-1kfb
vulnerability_id VCID-d1vm-nxpd-1kfb
summary An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that could cause the web application to redirect the request to the attacker-specified URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0283
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36436
published_at 2026-04-01T12:55:00Z
1
value 0.00157
scoring_system epss
scoring_elements 0.36608
published_at 2026-04-02T12:55:00Z
2
value 0.00157
scoring_system epss
scoring_elements 0.36641
published_at 2026-04-04T12:55:00Z
3
value 0.00157
scoring_system epss
scoring_elements 0.36479
published_at 2026-04-07T12:55:00Z
4
value 0.00157
scoring_system epss
scoring_elements 0.3653
published_at 2026-04-08T12:55:00Z
5
value 0.00157
scoring_system epss
scoring_elements 0.3655
published_at 2026-04-09T12:55:00Z
6
value 0.00157
scoring_system epss
scoring_elements 0.36556
published_at 2026-04-11T12:55:00Z
7
value 0.00157
scoring_system epss
scoring_elements 0.36522
published_at 2026-04-12T12:55:00Z
8
value 0.00157
scoring_system epss
scoring_elements 0.36498
published_at 2026-04-13T12:55:00Z
9
value 0.00157
scoring_system epss
scoring_elements 0.36542
published_at 2026-04-16T12:55:00Z
10
value 0.00157
scoring_system epss
scoring_elements 0.36524
published_at 2026-04-18T12:55:00Z
11
value 0.00157
scoring_system epss
scoring_elements 0.3647
published_at 2026-04-21T12:55:00Z
12
value 0.00157
scoring_system epss
scoring_elements 0.36243
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0283
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0283
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1vm-nxpd-1kfb
120
url VCID-d39z-kj36-6ubd
vulnerability_id VCID-d39z-kj36-6ubd
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4365
reference_id
reference_type
scores
0
value 0.00659
scoring_system epss
scoring_elements 0.71149
published_at 2026-04-24T12:55:00Z
1
value 0.00659
scoring_system epss
scoring_elements 0.71075
published_at 2026-04-12T12:55:00Z
2
value 0.00659
scoring_system epss
scoring_elements 0.71058
published_at 2026-04-13T12:55:00Z
3
value 0.00659
scoring_system epss
scoring_elements 0.71105
published_at 2026-04-16T12:55:00Z
4
value 0.00659
scoring_system epss
scoring_elements 0.71112
published_at 2026-04-18T12:55:00Z
5
value 0.00659
scoring_system epss
scoring_elements 0.71092
published_at 2026-04-21T12:55:00Z
6
value 0.00659
scoring_system epss
scoring_elements 0.71017
published_at 2026-04-02T12:55:00Z
7
value 0.00659
scoring_system epss
scoring_elements 0.71035
published_at 2026-04-04T12:55:00Z
8
value 0.00659
scoring_system epss
scoring_elements 0.7101
published_at 2026-04-07T12:55:00Z
9
value 0.00659
scoring_system epss
scoring_elements 0.71052
published_at 2026-04-08T12:55:00Z
10
value 0.00659
scoring_system epss
scoring_elements 0.71067
published_at 2026-04-09T12:55:00Z
11
value 0.00659
scoring_system epss
scoring_elements 0.7109
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4365
1
reference_url https://hackerone.com/reports/1792626
reference_id 1792626
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:49:47Z/
url https://hackerone.com/reports/1792626
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/385193
reference_id 385193
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:49:47Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/385193
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4365.json
reference_id CVE-2022-4365.json
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:49:47Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4365.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4365
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d39z-kj36-6ubd
121
url VCID-d4kh-973e-myad
vulnerability_id VCID-d4kh-973e-myad
summary A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2428
reference_id
reference_type
scores
0
value 0.00383
scoring_system epss
scoring_elements 0.59578
published_at 2026-04-02T12:55:00Z
1
value 0.00383
scoring_system epss
scoring_elements 0.59603
published_at 2026-04-04T12:55:00Z
2
value 0.00383
scoring_system epss
scoring_elements 0.59572
published_at 2026-04-07T12:55:00Z
3
value 0.00383
scoring_system epss
scoring_elements 0.59623
published_at 2026-04-08T12:55:00Z
4
value 0.00383
scoring_system epss
scoring_elements 0.59636
published_at 2026-04-09T12:55:00Z
5
value 0.00383
scoring_system epss
scoring_elements 0.59656
published_at 2026-04-11T12:55:00Z
6
value 0.00404
scoring_system epss
scoring_elements 0.60955
published_at 2026-04-12T12:55:00Z
7
value 0.00404
scoring_system epss
scoring_elements 0.60936
published_at 2026-04-13T12:55:00Z
8
value 0.00404
scoring_system epss
scoring_elements 0.60978
published_at 2026-04-16T12:55:00Z
9
value 0.00404
scoring_system epss
scoring_elements 0.60984
published_at 2026-04-18T12:55:00Z
10
value 0.00404
scoring_system epss
scoring_elements 0.60969
published_at 2026-04-21T12:55:00Z
11
value 0.00404
scoring_system epss
scoring_elements 0.6096
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2428
1
reference_url https://hackerone.com/reports/1563379
reference_id 1563379
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:48:19Z/
url https://hackerone.com/reports/1563379
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/362272
reference_id 362272
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:48:19Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/362272
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json
reference_id CVE-2022-2428.json
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:48:19Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2428
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4kh-973e-myad
122
url VCID-d8a7-j1w1-p7c2
vulnerability_id VCID-d8a7-j1w1-p7c2
summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page allowing user-controlled markdown
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0155
reference_id
reference_type
scores
0
value 0.00142
scoring_system epss
scoring_elements 0.34087
published_at 2026-04-24T12:55:00Z
1
value 0.00142
scoring_system epss
scoring_elements 0.34512
published_at 2026-04-08T12:55:00Z
2
value 0.00142
scoring_system epss
scoring_elements 0.34541
published_at 2026-04-09T12:55:00Z
3
value 0.00142
scoring_system epss
scoring_elements 0.34543
published_at 2026-04-11T12:55:00Z
4
value 0.00142
scoring_system epss
scoring_elements 0.34504
published_at 2026-04-12T12:55:00Z
5
value 0.00142
scoring_system epss
scoring_elements 0.3448
published_at 2026-04-13T12:55:00Z
6
value 0.00142
scoring_system epss
scoring_elements 0.34516
published_at 2026-04-16T12:55:00Z
7
value 0.00142
scoring_system epss
scoring_elements 0.34502
published_at 2026-04-18T12:55:00Z
8
value 0.00142
scoring_system epss
scoring_elements 0.34463
published_at 2026-04-21T12:55:00Z
9
value 0.00142
scoring_system epss
scoring_elements 0.34469
published_at 2026-04-07T12:55:00Z
10
value 0.00176
scoring_system epss
scoring_elements 0.392
published_at 2026-04-04T12:55:00Z
11
value 0.00176
scoring_system epss
scoring_elements 0.39178
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0155
1
reference_url https://hackerone.com/reports/1817250
reference_id 1817250
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:37:46Z/
url https://hackerone.com/reports/1817250
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/387638
reference_id 387638
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:37:46Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/387638
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json
reference_id CVE-2023-0155.json
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:37:46Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0155
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d8a7-j1w1-p7c2
123
url VCID-d91h-tcch-t3ct
vulnerability_id VCID-d91h-tcch-t3ct
summary An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4054
reference_id
reference_type
scores
0
value 0.00229
scoring_system epss
scoring_elements 0.45619
published_at 2026-04-24T12:55:00Z
1
value 0.00229
scoring_system epss
scoring_elements 0.45718
published_at 2026-04-11T12:55:00Z
2
value 0.00229
scoring_system epss
scoring_elements 0.45688
published_at 2026-04-12T12:55:00Z
3
value 0.00229
scoring_system epss
scoring_elements 0.45746
published_at 2026-04-16T12:55:00Z
4
value 0.00229
scoring_system epss
scoring_elements 0.4574
published_at 2026-04-18T12:55:00Z
5
value 0.00229
scoring_system epss
scoring_elements 0.45689
published_at 2026-04-21T12:55:00Z
6
value 0.00229
scoring_system epss
scoring_elements 0.45676
published_at 2026-04-02T12:55:00Z
7
value 0.00229
scoring_system epss
scoring_elements 0.45696
published_at 2026-04-13T12:55:00Z
8
value 0.00229
scoring_system epss
scoring_elements 0.45644
published_at 2026-04-07T12:55:00Z
9
value 0.00229
scoring_system epss
scoring_elements 0.45699
published_at 2026-04-08T12:55:00Z
10
value 0.00229
scoring_system epss
scoring_elements 0.45695
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4054
1
reference_url https://hackerone.com/reports/1758126
reference_id 1758126
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:15:23Z/
url https://hackerone.com/reports/1758126
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/382260
reference_id 382260
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:15:23Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/382260
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4054.json
reference_id CVE-2022-4054.json
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:15:23Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4054.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4054
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d91h-tcch-t3ct
124
url VCID-dana-dyhj-4yec
vulnerability_id VCID-dana-dyhj-4yec
summary In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39895
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51466
published_at 2026-04-24T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51385
published_at 2026-04-01T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51436
published_at 2026-04-02T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51463
published_at 2026-04-04T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51423
published_at 2026-04-07T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.51476
published_at 2026-04-08T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51474
published_at 2026-04-09T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51518
published_at 2026-04-11T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.51497
published_at 2026-04-12T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51484
published_at 2026-04-13T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51526
published_at 2026-04-16T12:55:00Z
11
value 0.00281
scoring_system epss
scoring_elements 0.51535
published_at 2026-04-18T12:55:00Z
12
value 0.00281
scoring_system epss
scoring_elements 0.51513
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39895
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39895
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dana-dyhj-4yec
125
url VCID-ddrf-4kkt-2fdk
vulnerability_id VCID-ddrf-4kkt-2fdk
summary An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to SSRF attack through the Prometheus integration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22178
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.50868
published_at 2026-04-01T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.50926
published_at 2026-04-02T12:55:00Z
2
value 0.00275
scoring_system epss
scoring_elements 0.50951
published_at 2026-04-04T12:55:00Z
3
value 0.00275
scoring_system epss
scoring_elements 0.50909
published_at 2026-04-07T12:55:00Z
4
value 0.00275
scoring_system epss
scoring_elements 0.50966
published_at 2026-04-08T12:55:00Z
5
value 0.00275
scoring_system epss
scoring_elements 0.50964
published_at 2026-04-09T12:55:00Z
6
value 0.00275
scoring_system epss
scoring_elements 0.51006
published_at 2026-04-16T12:55:00Z
7
value 0.00275
scoring_system epss
scoring_elements 0.50986
published_at 2026-04-12T12:55:00Z
8
value 0.00275
scoring_system epss
scoring_elements 0.5097
published_at 2026-04-13T12:55:00Z
9
value 0.00275
scoring_system epss
scoring_elements 0.51013
published_at 2026-04-18T12:55:00Z
10
value 0.00275
scoring_system epss
scoring_elements 0.50991
published_at 2026-04-21T12:55:00Z
11
value 0.00275
scoring_system epss
scoring_elements 0.50938
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22178
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22178
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ddrf-4kkt-2fdk
126
url VCID-dfrd-2pjx-4ba4
vulnerability_id VCID-dfrd-2pjx-4ba4
summary In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39873
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.50957
published_at 2026-04-24T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.5089
published_at 2026-04-01T12:55:00Z
2
value 0.00275
scoring_system epss
scoring_elements 0.50944
published_at 2026-04-02T12:55:00Z
3
value 0.00275
scoring_system epss
scoring_elements 0.50969
published_at 2026-04-04T12:55:00Z
4
value 0.00275
scoring_system epss
scoring_elements 0.50927
published_at 2026-04-07T12:55:00Z
5
value 0.00275
scoring_system epss
scoring_elements 0.50984
published_at 2026-04-08T12:55:00Z
6
value 0.00275
scoring_system epss
scoring_elements 0.50981
published_at 2026-04-09T12:55:00Z
7
value 0.00275
scoring_system epss
scoring_elements 0.51024
published_at 2026-04-16T12:55:00Z
8
value 0.00275
scoring_system epss
scoring_elements 0.51003
published_at 2026-04-12T12:55:00Z
9
value 0.00275
scoring_system epss
scoring_elements 0.50987
published_at 2026-04-13T12:55:00Z
10
value 0.00275
scoring_system epss
scoring_elements 0.51031
published_at 2026-04-18T12:55:00Z
11
value 0.00275
scoring_system epss
scoring_elements 0.51009
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39873
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39873
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dfrd-2pjx-4ba4
127
url VCID-dnfu-5u32-3qe6
vulnerability_id VCID-dnfu-5u32-3qe6
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows attackers to perform arbitrary actions on behalf of victims.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2015
reference_id
reference_type
scores
0
value 0.08098
scoring_system epss
scoring_elements 0.92166
published_at 2026-04-24T12:55:00Z
1
value 0.08098
scoring_system epss
scoring_elements 0.92134
published_at 2026-04-04T12:55:00Z
2
value 0.08098
scoring_system epss
scoring_elements 0.92139
published_at 2026-04-07T12:55:00Z
3
value 0.08098
scoring_system epss
scoring_elements 0.9215
published_at 2026-04-08T12:55:00Z
4
value 0.08098
scoring_system epss
scoring_elements 0.92153
published_at 2026-04-13T12:55:00Z
5
value 0.08098
scoring_system epss
scoring_elements 0.92158
published_at 2026-04-12T12:55:00Z
6
value 0.08098
scoring_system epss
scoring_elements 0.92164
published_at 2026-04-16T12:55:00Z
7
value 0.08098
scoring_system epss
scoring_elements 0.92162
published_at 2026-04-21T12:55:00Z
8
value 0.09365
scoring_system epss
scoring_elements 0.92753
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2015
1
reference_url https://hackerone.com/reports/1941091
reference_id 1941091
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:47:55Z/
url https://hackerone.com/reports/1941091
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/407137
reference_id 407137
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:47:55Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/407137
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2015.json
reference_id CVE-2023-2015.json
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:47:55Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2015.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2015
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dnfu-5u32-3qe6
128
url VCID-dpda-b429-ske5
vulnerability_id VCID-dpda-b429-ske5
summary Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22237
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38737
published_at 2026-04-24T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.38857
published_at 2026-04-01T12:55:00Z
2
value 0.00175
scoring_system epss
scoring_elements 0.38989
published_at 2026-04-02T12:55:00Z
3
value 0.00175
scoring_system epss
scoring_elements 0.39009
published_at 2026-04-04T12:55:00Z
4
value 0.00175
scoring_system epss
scoring_elements 0.3894
published_at 2026-04-07T12:55:00Z
5
value 0.00175
scoring_system epss
scoring_elements 0.38993
published_at 2026-04-08T12:55:00Z
6
value 0.00175
scoring_system epss
scoring_elements 0.39007
published_at 2026-04-09T12:55:00Z
7
value 0.00175
scoring_system epss
scoring_elements 0.39019
published_at 2026-04-11T12:55:00Z
8
value 0.00175
scoring_system epss
scoring_elements 0.38983
published_at 2026-04-12T12:55:00Z
9
value 0.00175
scoring_system epss
scoring_elements 0.38956
published_at 2026-04-13T12:55:00Z
10
value 0.00175
scoring_system epss
scoring_elements 0.39003
published_at 2026-04-16T12:55:00Z
11
value 0.00175
scoring_system epss
scoring_elements 0.38984
published_at 2026-04-18T12:55:00Z
12
value 0.00175
scoring_system epss
scoring_elements 0.389
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22237
1
reference_url https://security.archlinux.org/ASA-202108-7
reference_id ASA-202108-7
reference_type
scores
url https://security.archlinux.org/ASA-202108-7
2
reference_url https://security.archlinux.org/AVG-2251
reference_id AVG-2251
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2251
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22237
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dpda-b429-ske5
129
url VCID-dq4q-mw69-q3gg
vulnerability_id VCID-dq4q-mw69-q3gg
summary An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2181
reference_id
reference_type
scores
0
value 0.00372
scoring_system epss
scoring_elements 0.58965
published_at 2026-04-24T12:55:00Z
1
value 0.00372
scoring_system epss
scoring_elements 0.58985
published_at 2026-04-12T12:55:00Z
2
value 0.00372
scoring_system epss
scoring_elements 0.58966
published_at 2026-04-13T12:55:00Z
3
value 0.00372
scoring_system epss
scoring_elements 0.59
published_at 2026-04-16T12:55:00Z
4
value 0.00372
scoring_system epss
scoring_elements 0.59004
published_at 2026-04-18T12:55:00Z
5
value 0.00372
scoring_system epss
scoring_elements 0.58983
published_at 2026-04-21T12:55:00Z
6
value 0.00372
scoring_system epss
scoring_elements 0.58938
published_at 2026-04-02T12:55:00Z
7
value 0.00372
scoring_system epss
scoring_elements 0.58961
published_at 2026-04-04T12:55:00Z
8
value 0.00372
scoring_system epss
scoring_elements 0.58927
published_at 2026-04-07T12:55:00Z
9
value 0.00372
scoring_system epss
scoring_elements 0.58978
published_at 2026-04-08T12:55:00Z
10
value 0.00372
scoring_system epss
scoring_elements 0.58984
published_at 2026-04-09T12:55:00Z
11
value 0.00372
scoring_system epss
scoring_elements 0.59003
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2181
1
reference_url https://hackerone.com/reports/1938185
reference_id 1938185
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:46:53Z/
url https://hackerone.com/reports/1938185
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/407859
reference_id 407859
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:46:53Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/407859
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json
reference_id CVE-2023-2181.json
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:46:53Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2181
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dq4q-mw69-q3gg
130
url VCID-dszf-bnkn-mycs
vulnerability_id VCID-dszf-bnkn-mycs
summary An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1105
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.42062
published_at 2026-04-01T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42123
published_at 2026-04-02T12:55:00Z
2
value 0.002
scoring_system epss
scoring_elements 0.42151
published_at 2026-04-04T12:55:00Z
3
value 0.002
scoring_system epss
scoring_elements 0.42088
published_at 2026-04-07T12:55:00Z
4
value 0.002
scoring_system epss
scoring_elements 0.42139
published_at 2026-04-08T12:55:00Z
5
value 0.002
scoring_system epss
scoring_elements 0.4215
published_at 2026-04-09T12:55:00Z
6
value 0.002
scoring_system epss
scoring_elements 0.42172
published_at 2026-04-11T12:55:00Z
7
value 0.002
scoring_system epss
scoring_elements 0.42135
published_at 2026-04-12T12:55:00Z
8
value 0.002
scoring_system epss
scoring_elements 0.42111
published_at 2026-04-13T12:55:00Z
9
value 0.002
scoring_system epss
scoring_elements 0.42162
published_at 2026-04-16T12:55:00Z
10
value 0.002
scoring_system epss
scoring_elements 0.42136
published_at 2026-04-18T12:55:00Z
11
value 0.002
scoring_system epss
scoring_elements 0.42066
published_at 2026-04-21T12:55:00Z
12
value 0.002
scoring_system epss
scoring_elements 0.42008
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1105
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1105
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dszf-bnkn-mycs
131
url VCID-du8z-6hwa-r3cz
vulnerability_id VCID-du8z-6hwa-r3cz
summary An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden and could be leaked from instance, group, or project settings to other users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4289
reference_id
reference_type
scores
0
value 0.02377
scoring_system epss
scoring_elements 0.84923
published_at 2026-04-02T12:55:00Z
1
value 0.02377
scoring_system epss
scoring_elements 0.8494
published_at 2026-04-04T12:55:00Z
2
value 0.02377
scoring_system epss
scoring_elements 0.84945
published_at 2026-04-07T12:55:00Z
3
value 0.02377
scoring_system epss
scoring_elements 0.84968
published_at 2026-04-08T12:55:00Z
4
value 0.02377
scoring_system epss
scoring_elements 0.84975
published_at 2026-04-09T12:55:00Z
5
value 0.02377
scoring_system epss
scoring_elements 0.8499
published_at 2026-04-11T12:55:00Z
6
value 0.02377
scoring_system epss
scoring_elements 0.84989
published_at 2026-04-12T12:55:00Z
7
value 0.02377
scoring_system epss
scoring_elements 0.84985
published_at 2026-04-13T12:55:00Z
8
value 0.02377
scoring_system epss
scoring_elements 0.85005
published_at 2026-04-16T12:55:00Z
9
value 0.02377
scoring_system epss
scoring_elements 0.85007
published_at 2026-04-18T12:55:00Z
10
value 0.02377
scoring_system epss
scoring_elements 0.85004
published_at 2026-04-21T12:55:00Z
11
value 0.02377
scoring_system epss
scoring_elements 0.85029
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4289
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4289
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-du8z-6hwa-r3cz
132
url VCID-dvub-kdg8-m3ba
vulnerability_id VCID-dvub-kdg8-m3ba
summary An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0050
reference_id
reference_type
scores
0
value 0.59625
scoring_system epss
scoring_elements 0.98249
published_at 2026-04-08T12:55:00Z
1
value 0.59625
scoring_system epss
scoring_elements 0.98262
published_at 2026-04-24T12:55:00Z
2
value 0.59625
scoring_system epss
scoring_elements 0.9826
published_at 2026-04-18T12:55:00Z
3
value 0.59625
scoring_system epss
scoring_elements 0.98259
published_at 2026-04-21T12:55:00Z
4
value 0.59625
scoring_system epss
scoring_elements 0.98253
published_at 2026-04-13T12:55:00Z
5
value 0.59625
scoring_system epss
scoring_elements 0.9825
published_at 2026-04-09T12:55:00Z
6
value 0.65254
scoring_system epss
scoring_elements 0.98474
published_at 2026-04-04T12:55:00Z
7
value 0.65254
scoring_system epss
scoring_elements 0.98471
published_at 2026-04-02T12:55:00Z
8
value 0.65254
scoring_system epss
scoring_elements 0.98476
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0050
1
reference_url https://hackerone.com/reports/1731349
reference_id 1731349
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:28:22Z/
url https://hackerone.com/reports/1731349
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/387023
reference_id 387023
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:28:22Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/387023
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0050.json
reference_id CVE-2023-0050.json
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:28:22Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0050.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0050
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvub-kdg8-m3ba
133
url VCID-e3uk-9c9y-v3h2
vulnerability_id VCID-e3uk-9c9y-v3h2
summary A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22261
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41849
published_at 2026-04-01T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41914
published_at 2026-04-02T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41942
published_at 2026-04-04T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.4187
published_at 2026-04-07T12:55:00Z
4
value 0.00198
scoring_system epss
scoring_elements 0.4192
published_at 2026-04-08T12:55:00Z
5
value 0.00198
scoring_system epss
scoring_elements 0.41931
published_at 2026-04-09T12:55:00Z
6
value 0.00198
scoring_system epss
scoring_elements 0.41955
published_at 2026-04-11T12:55:00Z
7
value 0.00198
scoring_system epss
scoring_elements 0.41919
published_at 2026-04-12T12:55:00Z
8
value 0.00198
scoring_system epss
scoring_elements 0.41906
published_at 2026-04-13T12:55:00Z
9
value 0.00198
scoring_system epss
scoring_elements 0.41956
published_at 2026-04-16T12:55:00Z
10
value 0.00198
scoring_system epss
scoring_elements 0.41929
published_at 2026-04-18T12:55:00Z
11
value 0.00198
scoring_system epss
scoring_elements 0.41858
published_at 2026-04-21T12:55:00Z
12
value 0.00198
scoring_system epss
scoring_elements 0.41795
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22261
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22261
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3uk-9c9y-v3h2
134
url VCID-e49b-ph77-4kcp
vulnerability_id VCID-e49b-ph77-4kcp
summary Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39900
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43273
published_at 2026-04-24T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43296
published_at 2026-04-01T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43353
published_at 2026-04-02T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.4338
published_at 2026-04-04T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43318
published_at 2026-04-07T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.4337
published_at 2026-04-08T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.43385
published_at 2026-04-09T12:55:00Z
7
value 0.00209
scoring_system epss
scoring_elements 0.43405
published_at 2026-04-11T12:55:00Z
8
value 0.00209
scoring_system epss
scoring_elements 0.43373
published_at 2026-04-12T12:55:00Z
9
value 0.00209
scoring_system epss
scoring_elements 0.43358
published_at 2026-04-13T12:55:00Z
10
value 0.00209
scoring_system epss
scoring_elements 0.43417
published_at 2026-04-16T12:55:00Z
11
value 0.00209
scoring_system epss
scoring_elements 0.43406
published_at 2026-04-18T12:55:00Z
12
value 0.00209
scoring_system epss
scoring_elements 0.4334
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39900
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39900
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e49b-ph77-4kcp
135
url VCID-eag7-wvsz-ukdf
vulnerability_id VCID-eag7-wvsz-ukdf
summary Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3285
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.5703
published_at 2026-04-24T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57093
published_at 2026-04-13T12:55:00Z
2
value 0.00345
scoring_system epss
scoring_elements 0.57121
published_at 2026-04-16T12:55:00Z
3
value 0.00345
scoring_system epss
scoring_elements 0.57095
published_at 2026-04-21T12:55:00Z
4
value 0.00345
scoring_system epss
scoring_elements 0.57074
published_at 2026-04-02T12:55:00Z
5
value 0.00345
scoring_system epss
scoring_elements 0.57096
published_at 2026-04-04T12:55:00Z
6
value 0.00345
scoring_system epss
scoring_elements 0.57073
published_at 2026-04-07T12:55:00Z
7
value 0.00345
scoring_system epss
scoring_elements 0.57124
published_at 2026-04-08T12:55:00Z
8
value 0.00345
scoring_system epss
scoring_elements 0.57125
published_at 2026-04-09T12:55:00Z
9
value 0.00345
scoring_system epss
scoring_elements 0.57137
published_at 2026-04-11T12:55:00Z
10
value 0.00345
scoring_system epss
scoring_elements 0.57116
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3285
1
reference_url https://gitlab.com/gitlab-org/security/omnibus-gitlab/-/issues/64
reference_id 64
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:24:24Z/
url https://gitlab.com/gitlab-org/security/omnibus-gitlab/-/issues/64
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3285.json
reference_id CVE-2022-3285.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:24:24Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3285.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3285
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eag7-wvsz-ukdf
136
url VCID-eh9j-1jam-ryc8
vulnerability_id VCID-eh9j-1jam-ryc8
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0371
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51506
published_at 2026-04-01T12:55:00Z
1
value 0.00282
scoring_system epss
scoring_elements 0.51558
published_at 2026-04-02T12:55:00Z
2
value 0.00282
scoring_system epss
scoring_elements 0.51584
published_at 2026-04-04T12:55:00Z
3
value 0.00282
scoring_system epss
scoring_elements 0.51545
published_at 2026-04-07T12:55:00Z
4
value 0.00282
scoring_system epss
scoring_elements 0.51599
published_at 2026-04-08T12:55:00Z
5
value 0.00282
scoring_system epss
scoring_elements 0.51596
published_at 2026-04-09T12:55:00Z
6
value 0.00282
scoring_system epss
scoring_elements 0.51646
published_at 2026-04-11T12:55:00Z
7
value 0.00282
scoring_system epss
scoring_elements 0.51625
published_at 2026-04-12T12:55:00Z
8
value 0.00282
scoring_system epss
scoring_elements 0.51608
published_at 2026-04-13T12:55:00Z
9
value 0.00282
scoring_system epss
scoring_elements 0.5165
published_at 2026-04-16T12:55:00Z
10
value 0.00282
scoring_system epss
scoring_elements 0.51657
published_at 2026-04-18T12:55:00Z
11
value 0.00282
scoring_system epss
scoring_elements 0.51635
published_at 2026-04-21T12:55:00Z
12
value 0.00282
scoring_system epss
scoring_elements 0.51587
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0371
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0371
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eh9j-1jam-ryc8
137
url VCID-et8t-h58x-mybc
vulnerability_id VCID-et8t-h58x-mybc
summary An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3818
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41094
published_at 2026-04-24T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.41263
published_at 2026-04-13T12:55:00Z
2
value 0.00193
scoring_system epss
scoring_elements 0.41306
published_at 2026-04-16T12:55:00Z
3
value 0.00193
scoring_system epss
scoring_elements 0.41204
published_at 2026-04-21T12:55:00Z
4
value 0.00193
scoring_system epss
scoring_elements 0.41275
published_at 2026-04-02T12:55:00Z
5
value 0.00193
scoring_system epss
scoring_elements 0.41304
published_at 2026-04-04T12:55:00Z
6
value 0.00193
scoring_system epss
scoring_elements 0.41228
published_at 2026-04-07T12:55:00Z
7
value 0.00193
scoring_system epss
scoring_elements 0.41279
published_at 2026-04-08T12:55:00Z
8
value 0.00193
scoring_system epss
scoring_elements 0.41287
published_at 2026-04-09T12:55:00Z
9
value 0.00193
scoring_system epss
scoring_elements 0.41308
published_at 2026-04-11T12:55:00Z
10
value 0.00193
scoring_system epss
scoring_elements 0.41277
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3818
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/358170
reference_id 358170
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:21:10Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/358170
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3818.json
reference_id CVE-2022-3818.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:21:10Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3818.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3818
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et8t-h58x-mybc
138
url VCID-ewf1-jsf4-nqe8
vulnerability_id VCID-ewf1-jsf4-nqe8
summary Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22226
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.4083
published_at 2026-04-24T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.40926
published_at 2026-04-01T12:55:00Z
2
value 0.00191
scoring_system epss
scoring_elements 0.41008
published_at 2026-04-02T12:55:00Z
3
value 0.00191
scoring_system epss
scoring_elements 0.4104
published_at 2026-04-11T12:55:00Z
4
value 0.00191
scoring_system epss
scoring_elements 0.40965
published_at 2026-04-07T12:55:00Z
5
value 0.00191
scoring_system epss
scoring_elements 0.41014
published_at 2026-04-08T12:55:00Z
6
value 0.00191
scoring_system epss
scoring_elements 0.41022
published_at 2026-04-09T12:55:00Z
7
value 0.00191
scoring_system epss
scoring_elements 0.41005
published_at 2026-04-12T12:55:00Z
8
value 0.00191
scoring_system epss
scoring_elements 0.40989
published_at 2026-04-13T12:55:00Z
9
value 0.00191
scoring_system epss
scoring_elements 0.41031
published_at 2026-04-16T12:55:00Z
10
value 0.00191
scoring_system epss
scoring_elements 0.41002
published_at 2026-04-18T12:55:00Z
11
value 0.00191
scoring_system epss
scoring_elements 0.40924
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22226
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22226
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewf1-jsf4-nqe8
139
url VCID-ewgh-vf6w-byh8
vulnerability_id VCID-ewgh-vf6w-byh8
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22234
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38394
published_at 2026-04-01T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38531
published_at 2026-04-02T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38556
published_at 2026-04-04T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38419
published_at 2026-04-07T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38469
published_at 2026-04-08T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38477
published_at 2026-04-16T12:55:00Z
6
value 0.00172
scoring_system epss
scoring_elements 0.38493
published_at 2026-04-11T12:55:00Z
7
value 0.00172
scoring_system epss
scoring_elements 0.38455
published_at 2026-04-12T12:55:00Z
8
value 0.00172
scoring_system epss
scoring_elements 0.3843
published_at 2026-04-13T12:55:00Z
9
value 0.00172
scoring_system epss
scoring_elements 0.38457
published_at 2026-04-18T12:55:00Z
10
value 0.00172
scoring_system epss
scoring_elements 0.38393
published_at 2026-04-21T12:55:00Z
11
value 0.00172
scoring_system epss
scoring_elements 0.38236
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22234
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22234
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewgh-vf6w-byh8
140
url VCID-f3x4-fgv1-kqeu
vulnerability_id VCID-f3x4-fgv1-kqeu
summary An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3513
reference_id
reference_type
scores
0
value 0.23643
scoring_system epss
scoring_elements 0.96009
published_at 2026-04-24T12:55:00Z
1
value 0.23643
scoring_system epss
scoring_elements 0.95975
published_at 2026-04-07T12:55:00Z
2
value 0.23643
scoring_system epss
scoring_elements 0.95984
published_at 2026-04-08T12:55:00Z
3
value 0.23643
scoring_system epss
scoring_elements 0.95987
published_at 2026-04-09T12:55:00Z
4
value 0.23643
scoring_system epss
scoring_elements 0.9599
published_at 2026-04-12T12:55:00Z
5
value 0.23643
scoring_system epss
scoring_elements 0.95993
published_at 2026-04-13T12:55:00Z
6
value 0.23643
scoring_system epss
scoring_elements 0.96002
published_at 2026-04-16T12:55:00Z
7
value 0.23643
scoring_system epss
scoring_elements 0.96007
published_at 2026-04-18T12:55:00Z
8
value 0.24956
scoring_system epss
scoring_elements 0.96135
published_at 2026-04-02T12:55:00Z
9
value 0.24956
scoring_system epss
scoring_elements 0.96142
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3513
1
reference_url https://hackerone.com/reports/1728015
reference_id 1728015
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:12:22Z/
url https://hackerone.com/reports/1728015
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/377970
reference_id 377970
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:12:22Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/377970
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3513.json
reference_id CVE-2022-3513.json
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:12:22Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3513.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3513
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f3x4-fgv1-kqeu
141
url VCID-f54b-es39-zkeu
vulnerability_id VCID-f54b-es39-zkeu
summary A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1836
reference_id
reference_type
scores
0
value 0.01202
scoring_system epss
scoring_elements 0.78981
published_at 2026-04-24T12:55:00Z
1
value 0.01202
scoring_system epss
scoring_elements 0.78926
published_at 2026-04-13T12:55:00Z
2
value 0.01202
scoring_system epss
scoring_elements 0.7895
published_at 2026-04-21T12:55:00Z
3
value 0.01202
scoring_system epss
scoring_elements 0.78935
published_at 2026-04-12T12:55:00Z
4
value 0.01202
scoring_system epss
scoring_elements 0.78954
published_at 2026-04-16T12:55:00Z
5
value 0.01202
scoring_system epss
scoring_elements 0.78952
published_at 2026-04-18T12:55:00Z
6
value 0.01202
scoring_system epss
scoring_elements 0.78885
published_at 2026-04-02T12:55:00Z
7
value 0.01202
scoring_system epss
scoring_elements 0.78914
published_at 2026-04-04T12:55:00Z
8
value 0.01202
scoring_system epss
scoring_elements 0.78896
published_at 2026-04-07T12:55:00Z
9
value 0.01202
scoring_system epss
scoring_elements 0.7892
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1836
1
reference_url https://hackerone.com/reports/1923293
reference_id 1923293
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:46:31Z/
url https://hackerone.com/reports/1923293
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/404613
reference_id 404613
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:46:31Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/404613
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json
reference_id CVE-2023-1836.json
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:46:31Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1836
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f54b-es39-zkeu
142
url VCID-f663-qdnt-4fhz
vulnerability_id VCID-f663-qdnt-4fhz
summary Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39902
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45329
published_at 2026-04-21T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45239
published_at 2026-04-24T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.4532
published_at 2026-04-02T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45342
published_at 2026-04-04T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45285
published_at 2026-04-07T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.4534
published_at 2026-04-09T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45362
published_at 2026-04-11T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.4533
published_at 2026-04-12T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45332
published_at 2026-04-13T12:55:00Z
9
value 0.00226
scoring_system epss
scoring_elements 0.45383
published_at 2026-04-16T12:55:00Z
10
value 0.00226
scoring_system epss
scoring_elements 0.45379
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39902
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39902
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f663-qdnt-4fhz
143
url VCID-fhyb-ywht-fubs
vulnerability_id VCID-fhyb-ywht-fubs
summary An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0152
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35799
published_at 2026-04-01T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35989
published_at 2026-04-02T12:55:00Z
2
value 0.00152
scoring_system epss
scoring_elements 0.36018
published_at 2026-04-04T12:55:00Z
3
value 0.00152
scoring_system epss
scoring_elements 0.3585
published_at 2026-04-07T12:55:00Z
4
value 0.00152
scoring_system epss
scoring_elements 0.359
published_at 2026-04-08T12:55:00Z
5
value 0.00152
scoring_system epss
scoring_elements 0.35923
published_at 2026-04-09T12:55:00Z
6
value 0.00152
scoring_system epss
scoring_elements 0.35929
published_at 2026-04-11T12:55:00Z
7
value 0.00152
scoring_system epss
scoring_elements 0.35888
published_at 2026-04-12T12:55:00Z
8
value 0.00152
scoring_system epss
scoring_elements 0.35864
published_at 2026-04-13T12:55:00Z
9
value 0.00152
scoring_system epss
scoring_elements 0.35904
published_at 2026-04-16T12:55:00Z
10
value 0.00152
scoring_system epss
scoring_elements 0.35891
published_at 2026-04-18T12:55:00Z
11
value 0.00152
scoring_system epss
scoring_elements 0.35843
published_at 2026-04-21T12:55:00Z
12
value 0.00152
scoring_system epss
scoring_elements 0.35615
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0152
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0152
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhyb-ywht-fubs
144
url VCID-fjvt-kscp-fqge
vulnerability_id VCID-fjvt-kscp-fqge
summary An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3066
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37738
published_at 2026-04-02T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.37763
published_at 2026-04-04T12:55:00Z
2
value 0.00166
scoring_system epss
scoring_elements 0.37641
published_at 2026-04-07T12:55:00Z
3
value 0.00166
scoring_system epss
scoring_elements 0.37692
published_at 2026-04-08T12:55:00Z
4
value 0.00166
scoring_system epss
scoring_elements 0.37706
published_at 2026-04-09T12:55:00Z
5
value 0.00166
scoring_system epss
scoring_elements 0.37719
published_at 2026-04-11T12:55:00Z
6
value 0.00175
scoring_system epss
scoring_elements 0.38718
published_at 2026-04-24T12:55:00Z
7
value 0.00175
scoring_system epss
scoring_elements 0.38963
published_at 2026-04-18T12:55:00Z
8
value 0.00175
scoring_system epss
scoring_elements 0.38936
published_at 2026-04-13T12:55:00Z
9
value 0.00175
scoring_system epss
scoring_elements 0.38983
published_at 2026-04-16T12:55:00Z
10
value 0.00175
scoring_system epss
scoring_elements 0.38881
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3066
1
reference_url https://hackerone.com/reports/1685105
reference_id 1685105
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:18:30Z/
url https://hackerone.com/reports/1685105
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/372149
reference_id 372149
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:18:30Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/372149
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3066.json
reference_id CVE-2022-3066.json
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:18:30Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3066.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3066
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fjvt-kscp-fqge
145
url VCID-fmby-pwvt-ybg3
vulnerability_id VCID-fmby-pwvt-ybg3
summary An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2527
reference_id
reference_type
scores
0
value 0.00474
scoring_system epss
scoring_elements 0.64796
published_at 2026-04-12T12:55:00Z
1
value 0.00474
scoring_system epss
scoring_elements 0.64822
published_at 2026-04-24T12:55:00Z
2
value 0.00474
scoring_system epss
scoring_elements 0.64804
published_at 2026-04-21T12:55:00Z
3
value 0.00474
scoring_system epss
scoring_elements 0.64817
published_at 2026-04-18T12:55:00Z
4
value 0.00474
scoring_system epss
scoring_elements 0.64806
published_at 2026-04-16T12:55:00Z
5
value 0.00474
scoring_system epss
scoring_elements 0.64768
published_at 2026-04-13T12:55:00Z
6
value 0.00498
scoring_system epss
scoring_elements 0.65887
published_at 2026-04-08T12:55:00Z
7
value 0.00498
scoring_system epss
scoring_elements 0.65869
published_at 2026-04-04T12:55:00Z
8
value 0.00498
scoring_system epss
scoring_elements 0.65835
published_at 2026-04-07T12:55:00Z
9
value 0.00498
scoring_system epss
scoring_elements 0.65839
published_at 2026-04-02T12:55:00Z
10
value 0.00498
scoring_system epss
scoring_elements 0.65899
published_at 2026-04-09T12:55:00Z
11
value 0.00498
scoring_system epss
scoring_elements 0.65917
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2527
1
reference_url https://hackerone.com/reports/1647446
reference_id 1647446
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:34:31Z/
url https://hackerone.com/reports/1647446
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/368676
reference_id 368676
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:34:31Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/368676
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2527.json
reference_id CVE-2022-2527.json
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:34:31Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2527.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2527
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmby-pwvt-ybg3
146
url VCID-fnr8-6jma-guag
vulnerability_id VCID-fnr8-6jma-guag
summary A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1111
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48086
published_at 2026-04-01T12:55:00Z
1
value 0.00249
scoring_system epss
scoring_elements 0.48123
published_at 2026-04-02T12:55:00Z
2
value 0.00249
scoring_system epss
scoring_elements 0.48144
published_at 2026-04-04T12:55:00Z
3
value 0.00249
scoring_system epss
scoring_elements 0.48094
published_at 2026-04-07T12:55:00Z
4
value 0.00249
scoring_system epss
scoring_elements 0.48147
published_at 2026-04-08T12:55:00Z
5
value 0.00249
scoring_system epss
scoring_elements 0.48142
published_at 2026-04-09T12:55:00Z
6
value 0.00249
scoring_system epss
scoring_elements 0.48166
published_at 2026-04-11T12:55:00Z
7
value 0.00249
scoring_system epss
scoring_elements 0.48139
published_at 2026-04-12T12:55:00Z
8
value 0.00249
scoring_system epss
scoring_elements 0.4815
published_at 2026-04-13T12:55:00Z
9
value 0.00249
scoring_system epss
scoring_elements 0.48202
published_at 2026-04-16T12:55:00Z
10
value 0.00249
scoring_system epss
scoring_elements 0.48197
published_at 2026-04-18T12:55:00Z
11
value 0.00249
scoring_system epss
scoring_elements 0.48153
published_at 2026-04-21T12:55:00Z
12
value 0.00249
scoring_system epss
scoring_elements 0.48133
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1111
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1111
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnr8-6jma-guag
147
url VCID-fvqd-dnqf-8fdd
vulnerability_id VCID-fvqd-dnqf-8fdd
summary An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, making it possible to read environment names that are supposed to be restricted to project members only.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0319
reference_id
reference_type
scores
0
value 0.00625
scoring_system epss
scoring_elements 0.70265
published_at 2026-04-24T12:55:00Z
1
value 0.00625
scoring_system epss
scoring_elements 0.70171
published_at 2026-04-08T12:55:00Z
2
value 0.00625
scoring_system epss
scoring_elements 0.70187
published_at 2026-04-09T12:55:00Z
3
value 0.00625
scoring_system epss
scoring_elements 0.70211
published_at 2026-04-11T12:55:00Z
4
value 0.00625
scoring_system epss
scoring_elements 0.70196
published_at 2026-04-12T12:55:00Z
5
value 0.00625
scoring_system epss
scoring_elements 0.70183
published_at 2026-04-13T12:55:00Z
6
value 0.00625
scoring_system epss
scoring_elements 0.70225
published_at 2026-04-16T12:55:00Z
7
value 0.00625
scoring_system epss
scoring_elements 0.70234
published_at 2026-04-18T12:55:00Z
8
value 0.00625
scoring_system epss
scoring_elements 0.70213
published_at 2026-04-21T12:55:00Z
9
value 0.00625
scoring_system epss
scoring_elements 0.70124
published_at 2026-04-07T12:55:00Z
10
value 0.00699
scoring_system epss
scoring_elements 0.71958
published_at 2026-04-04T12:55:00Z
11
value 0.00699
scoring_system epss
scoring_elements 0.71938
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0319
1
reference_url https://hackerone.com/reports/1817586
reference_id 1817586
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:09:07Z/
url https://hackerone.com/reports/1817586
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/388096
reference_id 388096
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:09:07Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/388096
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0319.json
reference_id CVE-2023-0319.json
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:09:07Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0319.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0319
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fvqd-dnqf-8fdd
148
url VCID-ge5p-j2j1-j3dr
vulnerability_id VCID-ge5p-j2j1-j3dr
summary Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22262
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.36165
published_at 2026-04-01T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.3636
published_at 2026-04-02T12:55:00Z
2
value 0.00155
scoring_system epss
scoring_elements 0.36392
published_at 2026-04-04T12:55:00Z
3
value 0.00155
scoring_system epss
scoring_elements 0.36227
published_at 2026-04-07T12:55:00Z
4
value 0.00155
scoring_system epss
scoring_elements 0.36276
published_at 2026-04-08T12:55:00Z
5
value 0.00155
scoring_system epss
scoring_elements 0.36298
published_at 2026-04-09T12:55:00Z
6
value 0.00155
scoring_system epss
scoring_elements 0.36304
published_at 2026-04-11T12:55:00Z
7
value 0.00155
scoring_system epss
scoring_elements 0.36267
published_at 2026-04-12T12:55:00Z
8
value 0.00155
scoring_system epss
scoring_elements 0.36243
published_at 2026-04-13T12:55:00Z
9
value 0.00155
scoring_system epss
scoring_elements 0.36287
published_at 2026-04-16T12:55:00Z
10
value 0.00155
scoring_system epss
scoring_elements 0.36271
published_at 2026-04-18T12:55:00Z
11
value 0.00155
scoring_system epss
scoring_elements 0.36219
published_at 2026-04-21T12:55:00Z
12
value 0.00155
scoring_system epss
scoring_elements 0.35987
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22262
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22262
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ge5p-j2j1-j3dr
149
url VCID-gg49-yk1p-tyfr
vulnerability_id VCID-gg49-yk1p-tyfr
summary An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22183
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.38161
published_at 2026-04-01T12:55:00Z
1
value 0.0017
scoring_system epss
scoring_elements 0.38298
published_at 2026-04-02T12:55:00Z
2
value 0.0017
scoring_system epss
scoring_elements 0.38321
published_at 2026-04-04T12:55:00Z
3
value 0.0017
scoring_system epss
scoring_elements 0.3819
published_at 2026-04-07T12:55:00Z
4
value 0.0017
scoring_system epss
scoring_elements 0.3824
published_at 2026-04-08T12:55:00Z
5
value 0.0017
scoring_system epss
scoring_elements 0.38248
published_at 2026-04-09T12:55:00Z
6
value 0.0017
scoring_system epss
scoring_elements 0.38267
published_at 2026-04-11T12:55:00Z
7
value 0.0017
scoring_system epss
scoring_elements 0.38231
published_at 2026-04-12T12:55:00Z
8
value 0.0017
scoring_system epss
scoring_elements 0.38207
published_at 2026-04-13T12:55:00Z
9
value 0.0017
scoring_system epss
scoring_elements 0.38254
published_at 2026-04-16T12:55:00Z
10
value 0.0017
scoring_system epss
scoring_elements 0.38234
published_at 2026-04-18T12:55:00Z
11
value 0.0017
scoring_system epss
scoring_elements 0.38166
published_at 2026-04-21T12:55:00Z
12
value 0.0017
scoring_system epss
scoring_elements 0.38002
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22183
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22183
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gg49-yk1p-tyfr
150
url VCID-gj1u-z63z-u3hj
vulnerability_id VCID-gj1u-z63z-u3hj
summary A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. While cloning an issue, specially crafted content added to the description could have been used to trigger high CPU usage.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3283
reference_id
reference_type
scores
0
value 0.00595
scoring_system epss
scoring_elements 0.69393
published_at 2026-04-24T12:55:00Z
1
value 0.00595
scoring_system epss
scoring_elements 0.69341
published_at 2026-04-12T12:55:00Z
2
value 0.00595
scoring_system epss
scoring_elements 0.69313
published_at 2026-04-13T12:55:00Z
3
value 0.00595
scoring_system epss
scoring_elements 0.69352
published_at 2026-04-16T12:55:00Z
4
value 0.00595
scoring_system epss
scoring_elements 0.69362
published_at 2026-04-18T12:55:00Z
5
value 0.00595
scoring_system epss
scoring_elements 0.69342
published_at 2026-04-21T12:55:00Z
6
value 0.00595
scoring_system epss
scoring_elements 0.69269
published_at 2026-04-02T12:55:00Z
7
value 0.00595
scoring_system epss
scoring_elements 0.69287
published_at 2026-04-04T12:55:00Z
8
value 0.00595
scoring_system epss
scoring_elements 0.69268
published_at 2026-04-07T12:55:00Z
9
value 0.00595
scoring_system epss
scoring_elements 0.69317
published_at 2026-04-08T12:55:00Z
10
value 0.00595
scoring_system epss
scoring_elements 0.69335
published_at 2026-04-09T12:55:00Z
11
value 0.00595
scoring_system epss
scoring_elements 0.69357
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3283
1
reference_url https://hackerone.com/reports/1543718
reference_id 1543718
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:45:58Z/
url https://hackerone.com/reports/1543718
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/361982
reference_id 361982
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:45:58Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/361982
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json
reference_id CVE-2022-3283.json
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:45:58Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3283
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gj1u-z63z-u3hj
151
url VCID-gvwq-zqmf-ruak
vulnerability_id VCID-gvwq-zqmf-ruak
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39910
reference_id
reference_type
scores
0
value 0.0018
scoring_system epss
scoring_elements 0.39343
published_at 2026-04-24T12:55:00Z
1
value 0.0018
scoring_system epss
scoring_elements 0.3947
published_at 2026-04-01T12:55:00Z
2
value 0.0018
scoring_system epss
scoring_elements 0.3962
published_at 2026-04-02T12:55:00Z
3
value 0.0018
scoring_system epss
scoring_elements 0.39642
published_at 2026-04-04T12:55:00Z
4
value 0.0018
scoring_system epss
scoring_elements 0.39559
published_at 2026-04-07T12:55:00Z
5
value 0.0018
scoring_system epss
scoring_elements 0.39613
published_at 2026-04-08T12:55:00Z
6
value 0.0018
scoring_system epss
scoring_elements 0.39628
published_at 2026-04-09T12:55:00Z
7
value 0.0018
scoring_system epss
scoring_elements 0.39638
published_at 2026-04-11T12:55:00Z
8
value 0.0018
scoring_system epss
scoring_elements 0.39601
published_at 2026-04-12T12:55:00Z
9
value 0.0018
scoring_system epss
scoring_elements 0.39585
published_at 2026-04-13T12:55:00Z
10
value 0.0018
scoring_system epss
scoring_elements 0.39636
published_at 2026-04-16T12:55:00Z
11
value 0.0018
scoring_system epss
scoring_elements 0.39606
published_at 2026-04-18T12:55:00Z
12
value 0.0018
scoring_system epss
scoring_elements 0.39523
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39910
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39910
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvwq-zqmf-ruak
152
url VCID-gwem-yat3-ebat
vulnerability_id VCID-gwem-yat3-ebat
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR having source and target branch pointing to each other
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22197
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.57622
published_at 2026-04-24T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.57546
published_at 2026-04-01T12:55:00Z
2
value 0.00353
scoring_system epss
scoring_elements 0.57631
published_at 2026-04-02T12:55:00Z
3
value 0.00353
scoring_system epss
scoring_elements 0.57652
published_at 2026-04-04T12:55:00Z
4
value 0.00353
scoring_system epss
scoring_elements 0.57628
published_at 2026-04-07T12:55:00Z
5
value 0.00353
scoring_system epss
scoring_elements 0.57682
published_at 2026-04-08T12:55:00Z
6
value 0.00353
scoring_system epss
scoring_elements 0.57685
published_at 2026-04-18T12:55:00Z
7
value 0.00353
scoring_system epss
scoring_elements 0.577
published_at 2026-04-11T12:55:00Z
8
value 0.00353
scoring_system epss
scoring_elements 0.57679
published_at 2026-04-12T12:55:00Z
9
value 0.00353
scoring_system epss
scoring_elements 0.57659
published_at 2026-04-13T12:55:00Z
10
value 0.00353
scoring_system epss
scoring_elements 0.57689
published_at 2026-04-16T12:55:00Z
11
value 0.00353
scoring_system epss
scoring_elements 0.57664
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22197
1
reference_url https://security.archlinux.org/AVG-1770
reference_id AVG-1770
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1770
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22197
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwem-yat3-ebat
153
url VCID-gyux-nx2t-w3bc
vulnerability_id VCID-gyux-nx2t-w3bc
summary Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0741
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50744
published_at 2026-04-01T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.508
published_at 2026-04-02T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50826
published_at 2026-04-04T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50784
published_at 2026-04-07T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.5084
published_at 2026-04-08T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50839
published_at 2026-04-09T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.5088
published_at 2026-04-16T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50857
published_at 2026-04-12T12:55:00Z
8
value 0.00274
scoring_system epss
scoring_elements 0.50842
published_at 2026-04-13T12:55:00Z
9
value 0.00274
scoring_system epss
scoring_elements 0.50886
published_at 2026-04-18T12:55:00Z
10
value 0.00274
scoring_system epss
scoring_elements 0.50864
published_at 2026-04-21T12:55:00Z
11
value 0.00274
scoring_system epss
scoring_elements 0.50813
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0741
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0741
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gyux-nx2t-w3bc
154
url VCID-h147-6yrd-8ubf
vulnerability_id VCID-h147-6yrd-8ubf
summary An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3067
reference_id
reference_type
scores
0
value 0.00231
scoring_system epss
scoring_elements 0.45907
published_at 2026-04-21T12:55:00Z
1
value 0.00231
scoring_system epss
scoring_elements 0.45856
published_at 2026-04-24T12:55:00Z
2
value 0.00231
scoring_system epss
scoring_elements 0.45962
published_at 2026-04-18T12:55:00Z
3
value 0.00231
scoring_system epss
scoring_elements 0.45967
published_at 2026-04-16T12:55:00Z
4
value 0.00231
scoring_system epss
scoring_elements 0.45915
published_at 2026-04-13T12:55:00Z
5
value 0.00242
scoring_system epss
scoring_elements 0.47442
published_at 2026-04-07T12:55:00Z
6
value 0.00242
scoring_system epss
scoring_elements 0.47493
published_at 2026-04-04T12:55:00Z
7
value 0.00242
scoring_system epss
scoring_elements 0.47472
published_at 2026-04-02T12:55:00Z
8
value 0.00242
scoring_system epss
scoring_elements 0.47497
published_at 2026-04-08T12:55:00Z
9
value 0.00242
scoring_system epss
scoring_elements 0.47494
published_at 2026-04-09T12:55:00Z
10
value 0.00242
scoring_system epss
scoring_elements 0.47516
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3067
1
reference_url https://hackerone.com/reports/1685822
reference_id 1685822
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:05:38Z/
url https://hackerone.com/reports/1685822
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/372165
reference_id 372165
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:05:38Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/372165
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3067.json
reference_id CVE-2022-3067.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:05:38Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3067.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3067
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h147-6yrd-8ubf
155
url VCID-h267-4vt1-fyhn
vulnerability_id VCID-h267-4vt1-fyhn
summary It was possible to disclose details of confidential notes created via the API in GitLab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1545
reference_id
reference_type
scores
0
value 0.0026
scoring_system epss
scoring_elements 0.49361
published_at 2026-04-01T12:55:00Z
1
value 0.0026
scoring_system epss
scoring_elements 0.49389
published_at 2026-04-02T12:55:00Z
2
value 0.0026
scoring_system epss
scoring_elements 0.49416
published_at 2026-04-04T12:55:00Z
3
value 0.0026
scoring_system epss
scoring_elements 0.4937
published_at 2026-04-07T12:55:00Z
4
value 0.0026
scoring_system epss
scoring_elements 0.49424
published_at 2026-04-08T12:55:00Z
5
value 0.0026
scoring_system epss
scoring_elements 0.4942
published_at 2026-04-09T12:55:00Z
6
value 0.0026
scoring_system epss
scoring_elements 0.49438
published_at 2026-04-11T12:55:00Z
7
value 0.0026
scoring_system epss
scoring_elements 0.49409
published_at 2026-04-12T12:55:00Z
8
value 0.0026
scoring_system epss
scoring_elements 0.49412
published_at 2026-04-13T12:55:00Z
9
value 0.0026
scoring_system epss
scoring_elements 0.49458
published_at 2026-04-16T12:55:00Z
10
value 0.0026
scoring_system epss
scoring_elements 0.49455
published_at 2026-04-18T12:55:00Z
11
value 0.0026
scoring_system epss
scoring_elements 0.49425
published_at 2026-04-21T12:55:00Z
12
value 0.0026
scoring_system epss
scoring_elements 0.49415
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1545
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1545
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h267-4vt1-fyhn
156
url VCID-h2d4-85z3-rfe3
vulnerability_id VCID-h2d4-85z3-rfe3
summary Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1175
reference_id
reference_type
scores
0
value 0.10323
scoring_system epss
scoring_elements 0.93153
published_at 2026-04-01T12:55:00Z
1
value 0.10323
scoring_system epss
scoring_elements 0.93162
published_at 2026-04-02T12:55:00Z
2
value 0.10323
scoring_system epss
scoring_elements 0.93166
published_at 2026-04-04T12:55:00Z
3
value 0.10323
scoring_system epss
scoring_elements 0.93165
published_at 2026-04-07T12:55:00Z
4
value 0.10323
scoring_system epss
scoring_elements 0.93174
published_at 2026-04-08T12:55:00Z
5
value 0.10323
scoring_system epss
scoring_elements 0.93178
published_at 2026-04-09T12:55:00Z
6
value 0.10323
scoring_system epss
scoring_elements 0.93184
published_at 2026-04-11T12:55:00Z
7
value 0.10323
scoring_system epss
scoring_elements 0.93181
published_at 2026-04-12T12:55:00Z
8
value 0.10323
scoring_system epss
scoring_elements 0.93183
published_at 2026-04-13T12:55:00Z
9
value 0.10323
scoring_system epss
scoring_elements 0.93199
published_at 2026-04-16T12:55:00Z
10
value 0.10323
scoring_system epss
scoring_elements 0.93203
published_at 2026-04-18T12:55:00Z
11
value 0.10323
scoring_system epss
scoring_elements 0.93211
published_at 2026-04-21T12:55:00Z
12
value 0.10323
scoring_system epss
scoring_elements 0.93217
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1175
1
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50889.txt
reference_id CVE-2022-1175
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50889.txt
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1175
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2d4-85z3-rfe3
157
url VCID-h31e-d7a4-nya5
vulnerability_id VCID-h31e-d7a4-nya5
summary Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2227
reference_id
reference_type
scores
0
value 0.0016
scoring_system epss
scoring_elements 0.36952
published_at 2026-04-02T12:55:00Z
1
value 0.0016
scoring_system epss
scoring_elements 0.36986
published_at 2026-04-04T12:55:00Z
2
value 0.0016
scoring_system epss
scoring_elements 0.36817
published_at 2026-04-07T12:55:00Z
3
value 0.0016
scoring_system epss
scoring_elements 0.36869
published_at 2026-04-08T12:55:00Z
4
value 0.0016
scoring_system epss
scoring_elements 0.36884
published_at 2026-04-09T12:55:00Z
5
value 0.0016
scoring_system epss
scoring_elements 0.36893
published_at 2026-04-11T12:55:00Z
6
value 0.0016
scoring_system epss
scoring_elements 0.36857
published_at 2026-04-12T12:55:00Z
7
value 0.0016
scoring_system epss
scoring_elements 0.36832
published_at 2026-04-13T12:55:00Z
8
value 0.0016
scoring_system epss
scoring_elements 0.36876
published_at 2026-04-16T12:55:00Z
9
value 0.0016
scoring_system epss
scoring_elements 0.36859
published_at 2026-04-18T12:55:00Z
10
value 0.0016
scoring_system epss
scoring_elements 0.36802
published_at 2026-04-21T12:55:00Z
11
value 0.0016
scoring_system epss
scoring_elements 0.36575
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2227
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2227
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h31e-d7a4-nya5
158
url VCID-h4cb-63qp-h7hy
vulnerability_id VCID-h4cb-63qp-h7hy
summary Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0373
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50752
published_at 2026-04-01T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.50808
published_at 2026-04-02T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50834
published_at 2026-04-04T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50792
published_at 2026-04-07T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50849
published_at 2026-04-08T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50847
published_at 2026-04-09T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50888
published_at 2026-04-16T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50865
published_at 2026-04-12T12:55:00Z
8
value 0.00274
scoring_system epss
scoring_elements 0.5085
published_at 2026-04-13T12:55:00Z
9
value 0.00274
scoring_system epss
scoring_elements 0.50895
published_at 2026-04-18T12:55:00Z
10
value 0.00274
scoring_system epss
scoring_elements 0.50873
published_at 2026-04-21T12:55:00Z
11
value 0.00274
scoring_system epss
scoring_elements 0.50823
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0373
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0373
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4cb-63qp-h7hy
159
url VCID-h8td-pdxx-y7en
vulnerability_id VCID-h8td-pdxx-y7en
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39917
reference_id
reference_type
scores
0
value 0.00386
scoring_system epss
scoring_elements 0.59803
published_at 2026-04-24T12:55:00Z
1
value 0.00386
scoring_system epss
scoring_elements 0.59687
published_at 2026-04-01T12:55:00Z
2
value 0.00386
scoring_system epss
scoring_elements 0.5976
published_at 2026-04-02T12:55:00Z
3
value 0.00386
scoring_system epss
scoring_elements 0.59784
published_at 2026-04-04T12:55:00Z
4
value 0.00386
scoring_system epss
scoring_elements 0.59753
published_at 2026-04-07T12:55:00Z
5
value 0.00386
scoring_system epss
scoring_elements 0.59805
published_at 2026-04-08T12:55:00Z
6
value 0.00386
scoring_system epss
scoring_elements 0.59818
published_at 2026-04-09T12:55:00Z
7
value 0.00386
scoring_system epss
scoring_elements 0.59838
published_at 2026-04-11T12:55:00Z
8
value 0.00386
scoring_system epss
scoring_elements 0.59822
published_at 2026-04-12T12:55:00Z
9
value 0.00386
scoring_system epss
scoring_elements 0.59804
published_at 2026-04-13T12:55:00Z
10
value 0.00386
scoring_system epss
scoring_elements 0.59841
published_at 2026-04-16T12:55:00Z
11
value 0.00386
scoring_system epss
scoring_elements 0.59848
published_at 2026-04-18T12:55:00Z
12
value 0.00386
scoring_system epss
scoring_elements 0.59832
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39917
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39917
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8td-pdxx-y7en
160
url VCID-h8yw-kg7e-cqak
vulnerability_id VCID-h8yw-kg7e-cqak
summary gitlab: An authorization logic error in the External Status Check API in GitLab EE
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39943.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39943.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39943
reference_id
reference_type
scores
0
value 0.00244
scoring_system epss
scoring_elements 0.47613
published_at 2026-04-01T12:55:00Z
1
value 0.00244
scoring_system epss
scoring_elements 0.47652
published_at 2026-04-02T12:55:00Z
2
value 0.00244
scoring_system epss
scoring_elements 0.47672
published_at 2026-04-12T12:55:00Z
3
value 0.00244
scoring_system epss
scoring_elements 0.47622
published_at 2026-04-07T12:55:00Z
4
value 0.00244
scoring_system epss
scoring_elements 0.47677
published_at 2026-04-08T12:55:00Z
5
value 0.00244
scoring_system epss
scoring_elements 0.47673
published_at 2026-04-09T12:55:00Z
6
value 0.00244
scoring_system epss
scoring_elements 0.47696
published_at 2026-04-11T12:55:00Z
7
value 0.00244
scoring_system epss
scoring_elements 0.47681
published_at 2026-04-13T12:55:00Z
8
value 0.00244
scoring_system epss
scoring_elements 0.47739
published_at 2026-04-16T12:55:00Z
9
value 0.00244
scoring_system epss
scoring_elements 0.47731
published_at 2026-04-18T12:55:00Z
10
value 0.00244
scoring_system epss
scoring_elements 0.47684
published_at 2026-04-21T12:55:00Z
11
value 0.00244
scoring_system epss
scoring_elements 0.47664
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39943
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2052909
reference_id 2052909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2052909
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39943
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8yw-kg7e-cqak
161
url VCID-hawe-rs16-37bf
vulnerability_id VCID-hawe-rs16-37bf
summary Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1416
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.3571
published_at 2026-04-24T12:55:00Z
1
value 0.00153
scoring_system epss
scoring_elements 0.35894
published_at 2026-04-01T12:55:00Z
2
value 0.00153
scoring_system epss
scoring_elements 0.36085
published_at 2026-04-02T12:55:00Z
3
value 0.00153
scoring_system epss
scoring_elements 0.36115
published_at 2026-04-04T12:55:00Z
4
value 0.00153
scoring_system epss
scoring_elements 0.3595
published_at 2026-04-07T12:55:00Z
5
value 0.00153
scoring_system epss
scoring_elements 0.36
published_at 2026-04-08T12:55:00Z
6
value 0.00153
scoring_system epss
scoring_elements 0.36023
published_at 2026-04-09T12:55:00Z
7
value 0.00153
scoring_system epss
scoring_elements 0.36029
published_at 2026-04-11T12:55:00Z
8
value 0.00153
scoring_system epss
scoring_elements 0.35991
published_at 2026-04-12T12:55:00Z
9
value 0.00153
scoring_system epss
scoring_elements 0.35965
published_at 2026-04-13T12:55:00Z
10
value 0.00153
scoring_system epss
scoring_elements 0.36004
published_at 2026-04-16T12:55:00Z
11
value 0.00153
scoring_system epss
scoring_elements 0.3599
published_at 2026-04-18T12:55:00Z
12
value 0.00153
scoring_system epss
scoring_elements 0.35939
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1416
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1416
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hawe-rs16-37bf
162
url VCID-hd2f-p7zx-vqcp
vulnerability_id VCID-hd2f-p7zx-vqcp
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing former project members to read updates via TODOs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2512
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31331
published_at 2026-04-24T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31655
published_at 2026-04-02T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31699
published_at 2026-04-04T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.31517
published_at 2026-04-07T12:55:00Z
4
value 0.00123
scoring_system epss
scoring_elements 0.3157
published_at 2026-04-08T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.316
published_at 2026-04-09T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31605
published_at 2026-04-11T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31563
published_at 2026-04-12T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31526
published_at 2026-04-13T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31559
published_at 2026-04-16T12:55:00Z
10
value 0.00123
scoring_system epss
scoring_elements 0.31537
published_at 2026-04-18T12:55:00Z
11
value 0.00123
scoring_system epss
scoring_elements 0.31504
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2512
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2512
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hd2f-p7zx-vqcp
163
url VCID-hfyr-23g4-y7e5
vulnerability_id VCID-hfyr-23g4-y7e5
summary An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2095
reference_id
reference_type
scores
0
value 0.00581
scoring_system epss
scoring_elements 0.6898
published_at 2026-04-24T12:55:00Z
1
value 0.00581
scoring_system epss
scoring_elements 0.6885
published_at 2026-04-02T12:55:00Z
2
value 0.00581
scoring_system epss
scoring_elements 0.68871
published_at 2026-04-04T12:55:00Z
3
value 0.00581
scoring_system epss
scoring_elements 0.68851
published_at 2026-04-07T12:55:00Z
4
value 0.00581
scoring_system epss
scoring_elements 0.68901
published_at 2026-04-08T12:55:00Z
5
value 0.00581
scoring_system epss
scoring_elements 0.68919
published_at 2026-04-09T12:55:00Z
6
value 0.00581
scoring_system epss
scoring_elements 0.68942
published_at 2026-04-11T12:55:00Z
7
value 0.00581
scoring_system epss
scoring_elements 0.68928
published_at 2026-04-12T12:55:00Z
8
value 0.00581
scoring_system epss
scoring_elements 0.68899
published_at 2026-04-13T12:55:00Z
9
value 0.00581
scoring_system epss
scoring_elements 0.68939
published_at 2026-04-16T12:55:00Z
10
value 0.00581
scoring_system epss
scoring_elements 0.6895
published_at 2026-04-18T12:55:00Z
11
value 0.00581
scoring_system epss
scoring_elements 0.68929
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2095
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2095
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hfyr-23g4-y7e5
164
url VCID-hrbv-6bwd-a3hz
vulnerability_id VCID-hrbv-6bwd-a3hz
summary An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26414
reference_id
reference_type
scores
0
value 0.00268
scoring_system epss
scoring_elements 0.50316
published_at 2026-04-24T12:55:00Z
1
value 0.00268
scoring_system epss
scoring_elements 0.50263
published_at 2026-04-01T12:55:00Z
2
value 0.00268
scoring_system epss
scoring_elements 0.50303
published_at 2026-04-02T12:55:00Z
3
value 0.00268
scoring_system epss
scoring_elements 0.50332
published_at 2026-04-04T12:55:00Z
4
value 0.00268
scoring_system epss
scoring_elements 0.5028
published_at 2026-04-07T12:55:00Z
5
value 0.00268
scoring_system epss
scoring_elements 0.50333
published_at 2026-04-08T12:55:00Z
6
value 0.00268
scoring_system epss
scoring_elements 0.50326
published_at 2026-04-09T12:55:00Z
7
value 0.00268
scoring_system epss
scoring_elements 0.50355
published_at 2026-04-11T12:55:00Z
8
value 0.00268
scoring_system epss
scoring_elements 0.5033
published_at 2026-04-12T12:55:00Z
9
value 0.00268
scoring_system epss
scoring_elements 0.50319
published_at 2026-04-13T12:55:00Z
10
value 0.00268
scoring_system epss
scoring_elements 0.50364
published_at 2026-04-16T12:55:00Z
11
value 0.00268
scoring_system epss
scoring_elements 0.50367
published_at 2026-04-18T12:55:00Z
12
value 0.00268
scoring_system epss
scoring_elements 0.50343
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26414
1
reference_url https://security.archlinux.org/ASA-202101-10
reference_id ASA-202101-10
reference_type
scores
url https://security.archlinux.org/ASA-202101-10
2
reference_url https://security.archlinux.org/AVG-1416
reference_id AVG-1416
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1416
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2020-26414
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hrbv-6bwd-a3hz
165
url VCID-htj9-mwan-ufcr
vulnerability_id VCID-htj9-mwan-ufcr
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0518
reference_id
reference_type
scores
0
value 0.02082
scoring_system epss
scoring_elements 0.84047
published_at 2026-04-24T12:55:00Z
1
value 0.02082
scoring_system epss
scoring_elements 0.83997
published_at 2026-04-12T12:55:00Z
2
value 0.02082
scoring_system epss
scoring_elements 0.83993
published_at 2026-04-13T12:55:00Z
3
value 0.02082
scoring_system epss
scoring_elements 0.84018
published_at 2026-04-16T12:55:00Z
4
value 0.02082
scoring_system epss
scoring_elements 0.84019
published_at 2026-04-18T12:55:00Z
5
value 0.02082
scoring_system epss
scoring_elements 0.84021
published_at 2026-04-21T12:55:00Z
6
value 0.02082
scoring_system epss
scoring_elements 0.83939
published_at 2026-04-02T12:55:00Z
7
value 0.02082
scoring_system epss
scoring_elements 0.83955
published_at 2026-04-04T12:55:00Z
8
value 0.02082
scoring_system epss
scoring_elements 0.83958
published_at 2026-04-07T12:55:00Z
9
value 0.02082
scoring_system epss
scoring_elements 0.83981
published_at 2026-04-08T12:55:00Z
10
value 0.02082
scoring_system epss
scoring_elements 0.83987
published_at 2026-04-09T12:55:00Z
11
value 0.02082
scoring_system epss
scoring_elements 0.84003
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0518
1
reference_url https://hackerone.com/reports/1766973
reference_id 1766973
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:13:52Z/
url https://hackerone.com/reports/1766973
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/383082
reference_id 383082
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:13:52Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/383082
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0518.json
reference_id CVE-2023-0518.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:13:52Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0518.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0518
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htj9-mwan-ufcr
166
url VCID-j2d6-26gv-j3f9
vulnerability_id VCID-j2d6-26gv-j3f9
summary An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22229
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41973
published_at 2026-04-24T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42027
published_at 2026-04-01T12:55:00Z
2
value 0.002
scoring_system epss
scoring_elements 0.42087
published_at 2026-04-02T12:55:00Z
3
value 0.002
scoring_system epss
scoring_elements 0.42115
published_at 2026-04-04T12:55:00Z
4
value 0.002
scoring_system epss
scoring_elements 0.42052
published_at 2026-04-07T12:55:00Z
5
value 0.002
scoring_system epss
scoring_elements 0.42104
published_at 2026-04-08T12:55:00Z
6
value 0.002
scoring_system epss
scoring_elements 0.42116
published_at 2026-04-09T12:55:00Z
7
value 0.002
scoring_system epss
scoring_elements 0.42137
published_at 2026-04-11T12:55:00Z
8
value 0.002
scoring_system epss
scoring_elements 0.421
published_at 2026-04-18T12:55:00Z
9
value 0.002
scoring_system epss
scoring_elements 0.42075
published_at 2026-04-13T12:55:00Z
10
value 0.002
scoring_system epss
scoring_elements 0.42127
published_at 2026-04-16T12:55:00Z
11
value 0.002
scoring_system epss
scoring_elements 0.4203
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22229
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22229
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j2d6-26gv-j3f9
167
url VCID-j36a-731v-6kc1
vulnerability_id VCID-j36a-731v-6kc1
summary Starting with version 13.7, the GitLab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22189
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25502
published_at 2026-04-01T12:55:00Z
1
value 0.0009
scoring_system epss
scoring_elements 0.2557
published_at 2026-04-02T12:55:00Z
2
value 0.0009
scoring_system epss
scoring_elements 0.25607
published_at 2026-04-04T12:55:00Z
3
value 0.0009
scoring_system epss
scoring_elements 0.25379
published_at 2026-04-07T12:55:00Z
4
value 0.0009
scoring_system epss
scoring_elements 0.25448
published_at 2026-04-08T12:55:00Z
5
value 0.0009
scoring_system epss
scoring_elements 0.25496
published_at 2026-04-09T12:55:00Z
6
value 0.0009
scoring_system epss
scoring_elements 0.25508
published_at 2026-04-11T12:55:00Z
7
value 0.0009
scoring_system epss
scoring_elements 0.25465
published_at 2026-04-12T12:55:00Z
8
value 0.0009
scoring_system epss
scoring_elements 0.25408
published_at 2026-04-13T12:55:00Z
9
value 0.0009
scoring_system epss
scoring_elements 0.25414
published_at 2026-04-16T12:55:00Z
10
value 0.0009
scoring_system epss
scoring_elements 0.25404
published_at 2026-04-18T12:55:00Z
11
value 0.0009
scoring_system epss
scoring_elements 0.25371
published_at 2026-04-21T12:55:00Z
12
value 0.0009
scoring_system epss
scoring_elements 0.25335
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22189
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22189
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j36a-731v-6kc1
168
url VCID-j3j2-36rk-7kfm
vulnerability_id VCID-j3j2-36rk-7kfm
summary Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1190
reference_id
reference_type
scores
0
value 0.01
scoring_system epss
scoring_elements 0.77023
published_at 2026-04-16T12:55:00Z
1
value 0.01
scoring_system epss
scoring_elements 0.77026
published_at 2026-04-18T12:55:00Z
2
value 0.01
scoring_system epss
scoring_elements 0.77019
published_at 2026-04-21T12:55:00Z
3
value 0.01
scoring_system epss
scoring_elements 0.77054
published_at 2026-04-24T12:55:00Z
4
value 0.01651
scoring_system epss
scoring_elements 0.82003
published_at 2026-04-08T12:55:00Z
5
value 0.01651
scoring_system epss
scoring_elements 0.82011
published_at 2026-04-09T12:55:00Z
6
value 0.01651
scoring_system epss
scoring_elements 0.81946
published_at 2026-04-01T12:55:00Z
7
value 0.01651
scoring_system epss
scoring_elements 0.8202
published_at 2026-04-12T12:55:00Z
8
value 0.01651
scoring_system epss
scoring_elements 0.82013
published_at 2026-04-13T12:55:00Z
9
value 0.01651
scoring_system epss
scoring_elements 0.8203
published_at 2026-04-11T12:55:00Z
10
value 0.01651
scoring_system epss
scoring_elements 0.81957
published_at 2026-04-02T12:55:00Z
11
value 0.01651
scoring_system epss
scoring_elements 0.8198
published_at 2026-04-04T12:55:00Z
12
value 0.01651
scoring_system epss
scoring_elements 0.81976
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1190
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1190
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3j2-36rk-7kfm
169
url VCID-j6gp-wgz9-17h6
vulnerability_id VCID-j6gp-wgz9-17h6
summary Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39906
reference_id
reference_type
scores
0
value 0.01183
scoring_system epss
scoring_elements 0.78821
published_at 2026-04-24T12:55:00Z
1
value 0.01183
scoring_system epss
scoring_elements 0.7872
published_at 2026-04-01T12:55:00Z
2
value 0.01183
scoring_system epss
scoring_elements 0.78728
published_at 2026-04-02T12:55:00Z
3
value 0.01183
scoring_system epss
scoring_elements 0.78759
published_at 2026-04-04T12:55:00Z
4
value 0.01183
scoring_system epss
scoring_elements 0.78741
published_at 2026-04-07T12:55:00Z
5
value 0.01183
scoring_system epss
scoring_elements 0.78767
published_at 2026-04-08T12:55:00Z
6
value 0.01183
scoring_system epss
scoring_elements 0.78774
published_at 2026-04-09T12:55:00Z
7
value 0.01183
scoring_system epss
scoring_elements 0.78797
published_at 2026-04-11T12:55:00Z
8
value 0.01183
scoring_system epss
scoring_elements 0.7878
published_at 2026-04-12T12:55:00Z
9
value 0.01183
scoring_system epss
scoring_elements 0.78771
published_at 2026-04-13T12:55:00Z
10
value 0.01183
scoring_system epss
scoring_elements 0.788
published_at 2026-04-16T12:55:00Z
11
value 0.01183
scoring_system epss
scoring_elements 0.78798
published_at 2026-04-18T12:55:00Z
12
value 0.01183
scoring_system epss
scoring_elements 0.78793
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39906
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39906
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6gp-wgz9-17h6
170
url VCID-j768-de1g-puhu
vulnerability_id VCID-j768-de1g-puhu
summary Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3060
reference_id
reference_type
scores
0
value 0.006
scoring_system epss
scoring_elements 0.69471
published_at 2026-04-12T12:55:00Z
1
value 0.006
scoring_system epss
scoring_elements 0.6954
published_at 2026-04-24T12:55:00Z
2
value 0.006
scoring_system epss
scoring_elements 0.69487
published_at 2026-04-21T12:55:00Z
3
value 0.006
scoring_system epss
scoring_elements 0.69506
published_at 2026-04-18T12:55:00Z
4
value 0.006
scoring_system epss
scoring_elements 0.69496
published_at 2026-04-16T12:55:00Z
5
value 0.006
scoring_system epss
scoring_elements 0.69457
published_at 2026-04-13T12:55:00Z
6
value 0.0063
scoring_system epss
scoring_elements 0.70275
published_at 2026-04-08T12:55:00Z
7
value 0.0063
scoring_system epss
scoring_elements 0.70252
published_at 2026-04-04T12:55:00Z
8
value 0.0063
scoring_system epss
scoring_elements 0.70229
published_at 2026-04-07T12:55:00Z
9
value 0.0063
scoring_system epss
scoring_elements 0.70235
published_at 2026-04-02T12:55:00Z
10
value 0.0063
scoring_system epss
scoring_elements 0.7029
published_at 2026-04-09T12:55:00Z
11
value 0.0063
scoring_system epss
scoring_elements 0.70314
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3060
1
reference_url https://hackerone.com/reports/1600343
reference_id 1600343
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T16:19:48Z/
url https://hackerone.com/reports/1600343
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/365427
reference_id 365427
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T16:19:48Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/365427
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3060.json
reference_id CVE-2022-3060.json
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T16:19:48Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3060.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3060
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j768-de1g-puhu
171
url VCID-j8nr-cgq2-ubf9
vulnerability_id VCID-j8nr-cgq2-ubf9
summary Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39930
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.4777
published_at 2026-04-24T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47719
published_at 2026-04-01T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.47757
published_at 2026-04-02T12:55:00Z
3
value 0.00245
scoring_system epss
scoring_elements 0.47777
published_at 2026-04-12T12:55:00Z
4
value 0.00245
scoring_system epss
scoring_elements 0.47726
published_at 2026-04-07T12:55:00Z
5
value 0.00245
scoring_system epss
scoring_elements 0.4778
published_at 2026-04-08T12:55:00Z
6
value 0.00245
scoring_system epss
scoring_elements 0.47776
published_at 2026-04-09T12:55:00Z
7
value 0.00245
scoring_system epss
scoring_elements 0.47801
published_at 2026-04-11T12:55:00Z
8
value 0.00245
scoring_system epss
scoring_elements 0.47787
published_at 2026-04-21T12:55:00Z
9
value 0.00245
scoring_system epss
scoring_elements 0.47842
published_at 2026-04-16T12:55:00Z
10
value 0.00245
scoring_system epss
scoring_elements 0.47834
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39930
1
reference_url https://security.archlinux.org/AVG-2604
reference_id AVG-2604
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2604
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39930
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8nr-cgq2-ubf9
172
url VCID-jbhs-qrhe-u7hf
vulnerability_id VCID-jbhs-qrhe-u7hf
summary A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0136
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41846
published_at 2026-04-01T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41911
published_at 2026-04-02T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41939
published_at 2026-04-04T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.41866
published_at 2026-04-07T12:55:00Z
4
value 0.00198
scoring_system epss
scoring_elements 0.41917
published_at 2026-04-08T12:55:00Z
5
value 0.00198
scoring_system epss
scoring_elements 0.41927
published_at 2026-04-09T12:55:00Z
6
value 0.00198
scoring_system epss
scoring_elements 0.41951
published_at 2026-04-11T12:55:00Z
7
value 0.00198
scoring_system epss
scoring_elements 0.41916
published_at 2026-04-12T12:55:00Z
8
value 0.00198
scoring_system epss
scoring_elements 0.41902
published_at 2026-04-13T12:55:00Z
9
value 0.00198
scoring_system epss
scoring_elements 0.41953
published_at 2026-04-16T12:55:00Z
10
value 0.00198
scoring_system epss
scoring_elements 0.41926
published_at 2026-04-18T12:55:00Z
11
value 0.00198
scoring_system epss
scoring_elements 0.41855
published_at 2026-04-21T12:55:00Z
12
value 0.00198
scoring_system epss
scoring_elements 0.41783
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0136
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0136
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbhs-qrhe-u7hf
173
url VCID-jes6-h7ua-k7e4
vulnerability_id VCID-jes6-h7ua-k7e4
summary An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from the clipboard, allowing unexpected commands to be executed on the victim's machine.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1708
reference_id
reference_type
scores
0
value 0.04492
scoring_system epss
scoring_elements 0.89092
published_at 2026-04-07T12:55:00Z
1
value 0.04492
scoring_system epss
scoring_elements 0.8913
published_at 2026-04-21T12:55:00Z
2
value 0.04492
scoring_system epss
scoring_elements 0.89134
published_at 2026-04-18T12:55:00Z
3
value 0.04492
scoring_system epss
scoring_elements 0.8912
published_at 2026-04-13T12:55:00Z
4
value 0.04492
scoring_system epss
scoring_elements 0.89122
published_at 2026-04-12T12:55:00Z
5
value 0.04492
scoring_system epss
scoring_elements 0.89125
published_at 2026-04-11T12:55:00Z
6
value 0.04492
scoring_system epss
scoring_elements 0.89114
published_at 2026-04-09T12:55:00Z
7
value 0.04492
scoring_system epss
scoring_elements 0.89109
published_at 2026-04-08T12:55:00Z
8
value 0.05171
scoring_system epss
scoring_elements 0.89929
published_at 2026-04-24T12:55:00Z
9
value 0.06427
scoring_system epss
scoring_elements 0.91021
published_at 2026-04-04T12:55:00Z
10
value 0.06427
scoring_system epss
scoring_elements 0.91012
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1708
1
reference_url https://hackerone.com/reports/1805604
reference_id 1805604
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:51:48Z/
url https://hackerone.com/reports/1805604
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/387185
reference_id 387185
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:51:48Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/387185
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json
reference_id CVE-2023-1708.json
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:51:48Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1708
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jes6-h7ua-k7e4
174
url VCID-jjyp-4p8z-kufj
vulnerability_id VCID-jjyp-4p8z-kufj
summary An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1071
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17618
published_at 2026-04-04T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.17572
published_at 2026-04-02T12:55:00Z
2
value 0.00097
scoring_system epss
scoring_elements 0.26598
published_at 2026-04-24T12:55:00Z
3
value 0.00097
scoring_system epss
scoring_elements 0.26713
published_at 2026-04-13T12:55:00Z
4
value 0.00097
scoring_system epss
scoring_elements 0.2672
published_at 2026-04-16T12:55:00Z
5
value 0.00097
scoring_system epss
scoring_elements 0.26691
published_at 2026-04-18T12:55:00Z
6
value 0.00097
scoring_system epss
scoring_elements 0.26656
published_at 2026-04-21T12:55:00Z
7
value 0.00097
scoring_system epss
scoring_elements 0.26693
published_at 2026-04-07T12:55:00Z
8
value 0.00097
scoring_system epss
scoring_elements 0.26761
published_at 2026-04-08T12:55:00Z
9
value 0.00097
scoring_system epss
scoring_elements 0.26811
published_at 2026-04-09T12:55:00Z
10
value 0.00097
scoring_system epss
scoring_elements 0.26815
published_at 2026-04-11T12:55:00Z
11
value 0.00097
scoring_system epss
scoring_elements 0.26769
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1071
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/385434
reference_id 385434
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:58:37Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/385434
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1071.json
reference_id CVE-2023-1071.json
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:58:37Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1071.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1071
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jjyp-4p8z-kufj
175
url VCID-jr1u-sfzc-5kgr
vulnerability_id VCID-jr1u-sfzc-5kgr
summary Under very specific conditions a user could be impersonated using GitLab Shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22254
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50782
published_at 2026-04-01T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.50838
published_at 2026-04-02T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50864
published_at 2026-04-04T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50821
published_at 2026-04-07T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50878
published_at 2026-04-08T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50876
published_at 2026-04-09T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50918
published_at 2026-04-16T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50896
published_at 2026-04-12T12:55:00Z
8
value 0.00274
scoring_system epss
scoring_elements 0.5088
published_at 2026-04-13T12:55:00Z
9
value 0.00274
scoring_system epss
scoring_elements 0.50924
published_at 2026-04-18T12:55:00Z
10
value 0.00274
scoring_system epss
scoring_elements 0.50904
published_at 2026-04-21T12:55:00Z
11
value 0.00274
scoring_system epss
scoring_elements 0.50853
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22254
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22254
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jr1u-sfzc-5kgr
176
url VCID-jxuk-mn5f-vkav
vulnerability_id VCID-jxuk-mn5f-vkav
summary An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0090
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50466
published_at 2026-04-01T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50523
published_at 2026-04-02T12:55:00Z
2
value 0.00271
scoring_system epss
scoring_elements 0.5055
published_at 2026-04-04T12:55:00Z
3
value 0.00271
scoring_system epss
scoring_elements 0.50504
published_at 2026-04-07T12:55:00Z
4
value 0.00271
scoring_system epss
scoring_elements 0.50558
published_at 2026-04-08T12:55:00Z
5
value 0.00271
scoring_system epss
scoring_elements 0.50555
published_at 2026-04-09T12:55:00Z
6
value 0.00271
scoring_system epss
scoring_elements 0.50597
published_at 2026-04-11T12:55:00Z
7
value 0.00271
scoring_system epss
scoring_elements 0.50574
published_at 2026-04-12T12:55:00Z
8
value 0.00271
scoring_system epss
scoring_elements 0.5056
published_at 2026-04-13T12:55:00Z
9
value 0.00271
scoring_system epss
scoring_elements 0.50602
published_at 2026-04-16T12:55:00Z
10
value 0.00271
scoring_system epss
scoring_elements 0.50606
published_at 2026-04-18T12:55:00Z
11
value 0.00271
scoring_system epss
scoring_elements 0.50584
published_at 2026-04-21T12:55:00Z
12
value 0.00271
scoring_system epss
scoring_elements 0.50533
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0090
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0090
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxuk-mn5f-vkav
177
url VCID-jy9p-jeet-byb9
vulnerability_id VCID-jy9p-jeet-byb9
summary An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1417
reference_id
reference_type
scores
0
value 0.00605
scoring_system epss
scoring_elements 0.69689
published_at 2026-04-24T12:55:00Z
1
value 0.00605
scoring_system epss
scoring_elements 0.69547
published_at 2026-04-07T12:55:00Z
2
value 0.00605
scoring_system epss
scoring_elements 0.69597
published_at 2026-04-08T12:55:00Z
3
value 0.00605
scoring_system epss
scoring_elements 0.69614
published_at 2026-04-09T12:55:00Z
4
value 0.00605
scoring_system epss
scoring_elements 0.69636
published_at 2026-04-21T12:55:00Z
5
value 0.00605
scoring_system epss
scoring_elements 0.69621
published_at 2026-04-12T12:55:00Z
6
value 0.00605
scoring_system epss
scoring_elements 0.69607
published_at 2026-04-13T12:55:00Z
7
value 0.00605
scoring_system epss
scoring_elements 0.69646
published_at 2026-04-16T12:55:00Z
8
value 0.00605
scoring_system epss
scoring_elements 0.69655
published_at 2026-04-18T12:55:00Z
9
value 0.00696
scoring_system epss
scoring_elements 0.719
published_at 2026-04-04T12:55:00Z
10
value 0.00696
scoring_system epss
scoring_elements 0.71881
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1417
1
reference_url https://hackerone.com/reports/1892200
reference_id 1892200
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:26:20Z/
url https://hackerone.com/reports/1892200
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/396720
reference_id 396720
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:26:20Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/396720
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1417.json
reference_id CVE-2023-1417.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:26:20Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1417.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1417
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jy9p-jeet-byb9
178
url VCID-k29f-m5ey-f3d6
vulnerability_id VCID-k29f-m5ey-f3d6
summary All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22218
reference_id
reference_type
scores
0
value 0.00125
scoring_system epss
scoring_elements 0.31477
published_at 2026-04-24T12:55:00Z
1
value 0.00125
scoring_system epss
scoring_elements 0.31672
published_at 2026-04-01T12:55:00Z
2
value 0.00125
scoring_system epss
scoring_elements 0.31804
published_at 2026-04-02T12:55:00Z
3
value 0.00125
scoring_system epss
scoring_elements 0.31848
published_at 2026-04-04T12:55:00Z
4
value 0.00125
scoring_system epss
scoring_elements 0.31668
published_at 2026-04-07T12:55:00Z
5
value 0.00125
scoring_system epss
scoring_elements 0.31719
published_at 2026-04-08T12:55:00Z
6
value 0.00125
scoring_system epss
scoring_elements 0.31749
published_at 2026-04-09T12:55:00Z
7
value 0.00125
scoring_system epss
scoring_elements 0.31752
published_at 2026-04-11T12:55:00Z
8
value 0.00125
scoring_system epss
scoring_elements 0.31712
published_at 2026-04-12T12:55:00Z
9
value 0.00125
scoring_system epss
scoring_elements 0.31677
published_at 2026-04-13T12:55:00Z
10
value 0.00125
scoring_system epss
scoring_elements 0.31709
published_at 2026-04-16T12:55:00Z
11
value 0.00125
scoring_system epss
scoring_elements 0.31687
published_at 2026-04-18T12:55:00Z
12
value 0.00125
scoring_system epss
scoring_elements 0.31654
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22218
1
reference_url https://security.archlinux.org/ASA-202106-21
reference_id ASA-202106-21
reference_type
scores
url https://security.archlinux.org/ASA-202106-21
2
reference_url https://security.archlinux.org/AVG-2023
reference_id AVG-2023
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2023
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22218
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k29f-m5ey-f3d6
179
url VCID-k2ky-z72d-pkdp
vulnerability_id VCID-k2ky-z72d-pkdp
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0042
reference_id
reference_type
scores
0
value 0.0018
scoring_system epss
scoring_elements 0.39343
published_at 2026-04-24T12:55:00Z
1
value 0.0018
scoring_system epss
scoring_elements 0.39635
published_at 2026-04-16T12:55:00Z
2
value 0.0018
scoring_system epss
scoring_elements 0.39606
published_at 2026-04-18T12:55:00Z
3
value 0.0018
scoring_system epss
scoring_elements 0.39522
published_at 2026-04-21T12:55:00Z
4
value 0.0018
scoring_system epss
scoring_elements 0.3962
published_at 2026-04-02T12:55:00Z
5
value 0.0018
scoring_system epss
scoring_elements 0.39642
published_at 2026-04-04T12:55:00Z
6
value 0.0018
scoring_system epss
scoring_elements 0.39559
published_at 2026-04-07T12:55:00Z
7
value 0.0018
scoring_system epss
scoring_elements 0.39613
published_at 2026-04-08T12:55:00Z
8
value 0.0018
scoring_system epss
scoring_elements 0.39628
published_at 2026-04-09T12:55:00Z
9
value 0.0018
scoring_system epss
scoring_elements 0.39637
published_at 2026-04-11T12:55:00Z
10
value 0.0018
scoring_system epss
scoring_elements 0.39601
published_at 2026-04-12T12:55:00Z
11
value 0.0018
scoring_system epss
scoring_elements 0.39584
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0042
1
reference_url https://gitlab.com/gitlab-org/gitlab-pages/-/issues/728
reference_id 728
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:40:59Z/
url https://gitlab.com/gitlab-org/gitlab-pages/-/issues/728
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0042.json
reference_id CVE-2023-0042.json
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:40:59Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0042.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0042
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2ky-z72d-pkdp
180
url VCID-k32v-rex9-tkbx
vulnerability_id VCID-k32v-rex9-tkbx
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2907
reference_id
reference_type
scores
0
value 0.0053
scoring_system epss
scoring_elements 0.67194
published_at 2026-04-07T12:55:00Z
1
value 0.0053
scoring_system epss
scoring_elements 0.67218
published_at 2026-04-04T12:55:00Z
2
value 0.0053
scoring_system epss
scoring_elements 0.67245
published_at 2026-04-08T12:55:00Z
3
value 0.0053
scoring_system epss
scoring_elements 0.67259
published_at 2026-04-09T12:55:00Z
4
value 0.0053
scoring_system epss
scoring_elements 0.67279
published_at 2026-04-11T12:55:00Z
5
value 0.0053
scoring_system epss
scoring_elements 0.67265
published_at 2026-04-16T12:55:00Z
6
value 0.0053
scoring_system epss
scoring_elements 0.6723
published_at 2026-04-13T12:55:00Z
7
value 0.0053
scoring_system epss
scoring_elements 0.67277
published_at 2026-04-24T12:55:00Z
8
value 0.0053
scoring_system epss
scoring_elements 0.67257
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2907
1
reference_url https://hackerone.com/reports/1417680
reference_id 1417680
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T17:42:23Z/
url https://hackerone.com/reports/1417680
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/349388
reference_id 349388
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T17:42:23Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/349388
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2907.json
reference_id CVE-2022-2907.json
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T17:42:23Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2907.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2907
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k32v-rex9-tkbx
181
url VCID-k8rh-pg4b-nubu
vulnerability_id VCID-k8rh-pg4b-nubu
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22203
reference_id
reference_type
scores
0
value 0.00241
scoring_system epss
scoring_elements 0.4732
published_at 2026-04-24T12:55:00Z
1
value 0.00241
scoring_system epss
scoring_elements 0.47272
published_at 2026-04-01T12:55:00Z
2
value 0.00241
scoring_system epss
scoring_elements 0.47308
published_at 2026-04-02T12:55:00Z
3
value 0.00241
scoring_system epss
scoring_elements 0.47329
published_at 2026-04-04T12:55:00Z
4
value 0.00241
scoring_system epss
scoring_elements 0.47275
published_at 2026-04-07T12:55:00Z
5
value 0.00241
scoring_system epss
scoring_elements 0.4733
published_at 2026-04-08T12:55:00Z
6
value 0.00241
scoring_system epss
scoring_elements 0.47327
published_at 2026-04-09T12:55:00Z
7
value 0.00241
scoring_system epss
scoring_elements 0.47351
published_at 2026-04-11T12:55:00Z
8
value 0.00241
scoring_system epss
scoring_elements 0.47325
published_at 2026-04-12T12:55:00Z
9
value 0.00241
scoring_system epss
scoring_elements 0.47332
published_at 2026-04-13T12:55:00Z
10
value 0.00241
scoring_system epss
scoring_elements 0.4739
published_at 2026-04-16T12:55:00Z
11
value 0.00241
scoring_system epss
scoring_elements 0.47384
published_at 2026-04-18T12:55:00Z
12
value 0.00241
scoring_system epss
scoring_elements 0.47335
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22203
1
reference_url https://security.archlinux.org/AVG-1770
reference_id AVG-1770
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1770
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22203
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8rh-pg4b-nubu
182
url VCID-kacu-wtbz-7bf4
vulnerability_id VCID-kacu-wtbz-7bf4
summary A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22190
reference_id
reference_type
scores
0
value 0.00335
scoring_system epss
scoring_elements 0.56261
published_at 2026-04-01T12:55:00Z
1
value 0.00335
scoring_system epss
scoring_elements 0.56364
published_at 2026-04-02T12:55:00Z
2
value 0.00335
scoring_system epss
scoring_elements 0.56386
published_at 2026-04-04T12:55:00Z
3
value 0.00335
scoring_system epss
scoring_elements 0.56366
published_at 2026-04-07T12:55:00Z
4
value 0.00335
scoring_system epss
scoring_elements 0.56417
published_at 2026-04-08T12:55:00Z
5
value 0.00335
scoring_system epss
scoring_elements 0.56423
published_at 2026-04-09T12:55:00Z
6
value 0.00335
scoring_system epss
scoring_elements 0.56436
published_at 2026-04-11T12:55:00Z
7
value 0.00335
scoring_system epss
scoring_elements 0.56411
published_at 2026-04-12T12:55:00Z
8
value 0.00335
scoring_system epss
scoring_elements 0.56392
published_at 2026-04-13T12:55:00Z
9
value 0.00335
scoring_system epss
scoring_elements 0.56424
published_at 2026-04-16T12:55:00Z
10
value 0.00335
scoring_system epss
scoring_elements 0.56425
published_at 2026-04-18T12:55:00Z
11
value 0.00335
scoring_system epss
scoring_elements 0.56396
published_at 2026-04-21T12:55:00Z
12
value 0.00335
scoring_system epss
scoring_elements 0.56323
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22190
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22190
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kacu-wtbz-7bf4
183
url VCID-kj1q-pzn3-qycb
vulnerability_id VCID-kj1q-pzn3-qycb
summary A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39942
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42529
published_at 2026-04-01T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.426
published_at 2026-04-02T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42629
published_at 2026-04-04T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42567
published_at 2026-04-07T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42619
published_at 2026-04-08T12:55:00Z
5
value 0.00204
scoring_system epss
scoring_elements 0.4263
published_at 2026-04-09T12:55:00Z
6
value 0.00204
scoring_system epss
scoring_elements 0.42653
published_at 2026-04-11T12:55:00Z
7
value 0.00204
scoring_system epss
scoring_elements 0.42617
published_at 2026-04-12T12:55:00Z
8
value 0.00204
scoring_system epss
scoring_elements 0.42589
published_at 2026-04-13T12:55:00Z
9
value 0.00204
scoring_system epss
scoring_elements 0.42648
published_at 2026-04-16T12:55:00Z
10
value 0.00204
scoring_system epss
scoring_elements 0.42633
published_at 2026-04-18T12:55:00Z
11
value 0.00204
scoring_system epss
scoring_elements 0.42568
published_at 2026-04-21T12:55:00Z
12
value 0.00204
scoring_system epss
scoring_elements 0.42506
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39942
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39942
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kj1q-pzn3-qycb
184
url VCID-kjfx-qqpg-jbhh
vulnerability_id VCID-kjfx-qqpg-jbhh
summary A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2185
reference_id
reference_type
scores
0
value 0.90111
scoring_system epss
scoring_elements 0.99585
published_at 2026-04-02T12:55:00Z
1
value 0.90111
scoring_system epss
scoring_elements 0.99586
published_at 2026-04-04T12:55:00Z
2
value 0.90111
scoring_system epss
scoring_elements 0.99587
published_at 2026-04-11T12:55:00Z
3
value 0.90111
scoring_system epss
scoring_elements 0.99588
published_at 2026-04-13T12:55:00Z
4
value 0.90111
scoring_system epss
scoring_elements 0.99589
published_at 2026-04-18T12:55:00Z
5
value 0.90111
scoring_system epss
scoring_elements 0.9959
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2185
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2185
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kjfx-qqpg-jbhh
185
url VCID-ktef-sqf6-ckfp
vulnerability_id VCID-ktef-sqf6-ckfp
summary An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22200
reference_id
reference_type
scores
0
value 0.00174
scoring_system epss
scoring_elements 0.38554
published_at 2026-04-24T12:55:00Z
1
value 0.00174
scoring_system epss
scoring_elements 0.3868
published_at 2026-04-01T12:55:00Z
2
value 0.00174
scoring_system epss
scoring_elements 0.38817
published_at 2026-04-02T12:55:00Z
3
value 0.00174
scoring_system epss
scoring_elements 0.38837
published_at 2026-04-04T12:55:00Z
4
value 0.00174
scoring_system epss
scoring_elements 0.38766
published_at 2026-04-07T12:55:00Z
5
value 0.00174
scoring_system epss
scoring_elements 0.38816
published_at 2026-04-08T12:55:00Z
6
value 0.00174
scoring_system epss
scoring_elements 0.38827
published_at 2026-04-09T12:55:00Z
7
value 0.00174
scoring_system epss
scoring_elements 0.38839
published_at 2026-04-11T12:55:00Z
8
value 0.00174
scoring_system epss
scoring_elements 0.38802
published_at 2026-04-12T12:55:00Z
9
value 0.00174
scoring_system epss
scoring_elements 0.38775
published_at 2026-04-13T12:55:00Z
10
value 0.00174
scoring_system epss
scoring_elements 0.3882
published_at 2026-04-16T12:55:00Z
11
value 0.00174
scoring_system epss
scoring_elements 0.38798
published_at 2026-04-18T12:55:00Z
12
value 0.00174
scoring_system epss
scoring_elements 0.38718
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22200
1
reference_url https://security.archlinux.org/AVG-1770
reference_id AVG-1770
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1770
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22200
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ktef-sqf6-ckfp
186
url VCID-ktjp-pvqu-5yf7
vulnerability_id VCID-ktjp-pvqu-5yf7
summary A denial of service in the user's profile page is found starting with GitLab CE/EE 8.0 that allows an attacker to reject access to their profile page by using a specially crafted username.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22231
reference_id
reference_type
scores
0
value 0.00376
scoring_system epss
scoring_elements 0.59218
published_at 2026-04-24T12:55:00Z
1
value 0.00376
scoring_system epss
scoring_elements 0.59104
published_at 2026-04-01T12:55:00Z
2
value 0.00376
scoring_system epss
scoring_elements 0.59178
published_at 2026-04-02T12:55:00Z
3
value 0.00376
scoring_system epss
scoring_elements 0.59202
published_at 2026-04-04T12:55:00Z
4
value 0.00376
scoring_system epss
scoring_elements 0.59166
published_at 2026-04-07T12:55:00Z
5
value 0.00376
scoring_system epss
scoring_elements 0.59217
published_at 2026-04-08T12:55:00Z
6
value 0.00376
scoring_system epss
scoring_elements 0.5923
published_at 2026-04-09T12:55:00Z
7
value 0.00376
scoring_system epss
scoring_elements 0.5925
published_at 2026-04-16T12:55:00Z
8
value 0.00376
scoring_system epss
scoring_elements 0.59232
published_at 2026-04-12T12:55:00Z
9
value 0.00376
scoring_system epss
scoring_elements 0.59214
published_at 2026-04-13T12:55:00Z
10
value 0.00376
scoring_system epss
scoring_elements 0.59255
published_at 2026-04-18T12:55:00Z
11
value 0.00376
scoring_system epss
scoring_elements 0.59237
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22231
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22231
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ktjp-pvqu-5yf7
187
url VCID-m2gu-w4p5-s3du
vulnerability_id VCID-m2gu-w4p5-s3du
summary A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1121
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39706
published_at 2026-04-01T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39854
published_at 2026-04-02T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39877
published_at 2026-04-11T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39799
published_at 2026-04-07T12:55:00Z
4
value 0.00181
scoring_system epss
scoring_elements 0.39853
published_at 2026-04-08T12:55:00Z
5
value 0.00181
scoring_system epss
scoring_elements 0.39867
published_at 2026-04-09T12:55:00Z
6
value 0.00181
scoring_system epss
scoring_elements 0.39843
published_at 2026-04-12T12:55:00Z
7
value 0.00181
scoring_system epss
scoring_elements 0.39826
published_at 2026-04-13T12:55:00Z
8
value 0.00181
scoring_system epss
scoring_elements 0.39875
published_at 2026-04-16T12:55:00Z
9
value 0.00181
scoring_system epss
scoring_elements 0.39847
published_at 2026-04-18T12:55:00Z
10
value 0.00181
scoring_system epss
scoring_elements 0.39767
published_at 2026-04-21T12:55:00Z
11
value 0.00181
scoring_system epss
scoring_elements 0.39587
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1121
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1121
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2gu-w4p5-s3du
188
url VCID-m6c7-dfbf-r7gr
vulnerability_id VCID-m6c7-dfbf-r7gr
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under a specific condition an unauthorised project member was allowed to delete protected branches due to a business logic error.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39931
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48608
published_at 2026-04-21T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48538
published_at 2026-04-01T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.48574
published_at 2026-04-02T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.48597
published_at 2026-04-04T12:55:00Z
4
value 0.00253
scoring_system epss
scoring_elements 0.48549
published_at 2026-04-07T12:55:00Z
5
value 0.00253
scoring_system epss
scoring_elements 0.48603
published_at 2026-04-08T12:55:00Z
6
value 0.00253
scoring_system epss
scoring_elements 0.48599
published_at 2026-04-09T12:55:00Z
7
value 0.00253
scoring_system epss
scoring_elements 0.4862
published_at 2026-04-11T12:55:00Z
8
value 0.00253
scoring_system epss
scoring_elements 0.48593
published_at 2026-04-24T12:55:00Z
9
value 0.00253
scoring_system epss
scoring_elements 0.48606
published_at 2026-04-13T12:55:00Z
10
value 0.00253
scoring_system epss
scoring_elements 0.48656
published_at 2026-04-16T12:55:00Z
11
value 0.00253
scoring_system epss
scoring_elements 0.48651
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39931
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39931
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6c7-dfbf-r7gr
189
url VCID-m9cw-hzjf-6kfq
vulnerability_id VCID-m9cw-hzjf-6kfq
summary A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2884
reference_id
reference_type
scores
0
value 0.67741
scoring_system epss
scoring_elements 0.98591
published_at 2026-04-24T12:55:00Z
1
value 0.67741
scoring_system epss
scoring_elements 0.98579
published_at 2026-04-09T12:55:00Z
2
value 0.67741
scoring_system epss
scoring_elements 0.9858
published_at 2026-04-12T12:55:00Z
3
value 0.67741
scoring_system epss
scoring_elements 0.98582
published_at 2026-04-13T12:55:00Z
4
value 0.67741
scoring_system epss
scoring_elements 0.98587
published_at 2026-04-21T12:55:00Z
5
value 0.67741
scoring_system epss
scoring_elements 0.98588
published_at 2026-04-18T12:55:00Z
6
value 0.67741
scoring_system epss
scoring_elements 0.9857
published_at 2026-04-02T12:55:00Z
7
value 0.67741
scoring_system epss
scoring_elements 0.98573
published_at 2026-04-04T12:55:00Z
8
value 0.67741
scoring_system epss
scoring_elements 0.98575
published_at 2026-04-07T12:55:00Z
9
value 0.67741
scoring_system epss
scoring_elements 0.98577
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2884
1
reference_url https://hackerone.com/reports/1672388
reference_id 1672388
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/
url https://hackerone.com/reports/1672388
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/371098
reference_id 371098
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/371098
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/51181.py
reference_id CVE-2022-2884
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/51181.py
4
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json
reference_id CVE-2022-2884.json
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json
5
reference_url http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.html
reference_id GitLab-15.3-Remote-Code-Execution.html
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/
url http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.html
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2884
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9cw-hzjf-6kfq
190
url VCID-mbnw-5r9b-mybe
vulnerability_id VCID-mbnw-5r9b-mybe
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2539
reference_id
reference_type
scores
0
value 0.0019
scoring_system epss
scoring_elements 0.40681
published_at 2026-04-24T12:55:00Z
1
value 0.0019
scoring_system epss
scoring_elements 0.40868
published_at 2026-04-02T12:55:00Z
2
value 0.0019
scoring_system epss
scoring_elements 0.40895
published_at 2026-04-04T12:55:00Z
3
value 0.0019
scoring_system epss
scoring_elements 0.40822
published_at 2026-04-07T12:55:00Z
4
value 0.0019
scoring_system epss
scoring_elements 0.40872
published_at 2026-04-08T12:55:00Z
5
value 0.0019
scoring_system epss
scoring_elements 0.40878
published_at 2026-04-09T12:55:00Z
6
value 0.0019
scoring_system epss
scoring_elements 0.40894
published_at 2026-04-11T12:55:00Z
7
value 0.0019
scoring_system epss
scoring_elements 0.4086
published_at 2026-04-12T12:55:00Z
8
value 0.0019
scoring_system epss
scoring_elements 0.4084
published_at 2026-04-13T12:55:00Z
9
value 0.0019
scoring_system epss
scoring_elements 0.40884
published_at 2026-04-16T12:55:00Z
10
value 0.0019
scoring_system epss
scoring_elements 0.40854
published_at 2026-04-18T12:55:00Z
11
value 0.0019
scoring_system epss
scoring_elements 0.40775
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2539
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2539
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbnw-5r9b-mybe
191
url VCID-mgy7-efcp-wbdv
vulnerability_id VCID-mgy7-efcp-wbdv
summary An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0172
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.2435
published_at 2026-04-01T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24476
published_at 2026-04-02T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.2451
published_at 2026-04-04T12:55:00Z
3
value 0.00083
scoring_system epss
scoring_elements 0.24294
published_at 2026-04-07T12:55:00Z
4
value 0.00083
scoring_system epss
scoring_elements 0.24361
published_at 2026-04-08T12:55:00Z
5
value 0.00083
scoring_system epss
scoring_elements 0.24405
published_at 2026-04-09T12:55:00Z
6
value 0.00083
scoring_system epss
scoring_elements 0.24422
published_at 2026-04-11T12:55:00Z
7
value 0.00083
scoring_system epss
scoring_elements 0.2438
published_at 2026-04-12T12:55:00Z
8
value 0.00083
scoring_system epss
scoring_elements 0.24323
published_at 2026-04-13T12:55:00Z
9
value 0.00083
scoring_system epss
scoring_elements 0.2434
published_at 2026-04-16T12:55:00Z
10
value 0.00083
scoring_system epss
scoring_elements 0.2433
published_at 2026-04-18T12:55:00Z
11
value 0.00083
scoring_system epss
scoring_elements 0.24303
published_at 2026-04-21T12:55:00Z
12
value 0.00083
scoring_system epss
scoring_elements 0.24179
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0172
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0172
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mgy7-efcp-wbdv
192
url VCID-mn18-gsrf-bfaf
vulnerability_id VCID-mn18-gsrf-bfaf
summary Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3706
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.36923
published_at 2026-04-24T12:55:00Z
1
value 0.00163
scoring_system epss
scoring_elements 0.37219
published_at 2026-04-16T12:55:00Z
2
value 0.00163
scoring_system epss
scoring_elements 0.37202
published_at 2026-04-18T12:55:00Z
3
value 0.00163
scoring_system epss
scoring_elements 0.37146
published_at 2026-04-21T12:55:00Z
4
value 0.00163
scoring_system epss
scoring_elements 0.37304
published_at 2026-04-02T12:55:00Z
5
value 0.00163
scoring_system epss
scoring_elements 0.3733
published_at 2026-04-04T12:55:00Z
6
value 0.00163
scoring_system epss
scoring_elements 0.37157
published_at 2026-04-07T12:55:00Z
7
value 0.00163
scoring_system epss
scoring_elements 0.37209
published_at 2026-04-08T12:55:00Z
8
value 0.00163
scoring_system epss
scoring_elements 0.37223
published_at 2026-04-09T12:55:00Z
9
value 0.00163
scoring_system epss
scoring_elements 0.37234
published_at 2026-04-11T12:55:00Z
10
value 0.00163
scoring_system epss
scoring_elements 0.372
published_at 2026-04-12T12:55:00Z
11
value 0.00163
scoring_system epss
scoring_elements 0.37173
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3706
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/365532
reference_id 365532
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:23:44Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/365532
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3706.json
reference_id CVE-2022-3706.json
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:23:44Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3706.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3706
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mn18-gsrf-bfaf
193
url VCID-mnm5-sw92-cyfx
vulnerability_id VCID-mnm5-sw92-cyfx
summary An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22180
reference_id
reference_type
scores
0
value 0.00139
scoring_system epss
scoring_elements 0.33756
published_at 2026-04-01T12:55:00Z
1
value 0.00139
scoring_system epss
scoring_elements 0.34093
published_at 2026-04-02T12:55:00Z
2
value 0.00139
scoring_system epss
scoring_elements 0.34125
published_at 2026-04-04T12:55:00Z
3
value 0.00139
scoring_system epss
scoring_elements 0.33984
published_at 2026-04-07T12:55:00Z
4
value 0.00139
scoring_system epss
scoring_elements 0.34027
published_at 2026-04-08T12:55:00Z
5
value 0.00139
scoring_system epss
scoring_elements 0.34058
published_at 2026-04-09T12:55:00Z
6
value 0.00139
scoring_system epss
scoring_elements 0.34057
published_at 2026-04-11T12:55:00Z
7
value 0.00139
scoring_system epss
scoring_elements 0.34014
published_at 2026-04-12T12:55:00Z
8
value 0.00139
scoring_system epss
scoring_elements 0.3399
published_at 2026-04-13T12:55:00Z
9
value 0.00139
scoring_system epss
scoring_elements 0.34025
published_at 2026-04-16T12:55:00Z
10
value 0.00139
scoring_system epss
scoring_elements 0.34013
published_at 2026-04-18T12:55:00Z
11
value 0.00139
scoring_system epss
scoring_elements 0.33979
published_at 2026-04-21T12:55:00Z
12
value 0.00139
scoring_system epss
scoring_elements 0.33609
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22180
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22180
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnm5-sw92-cyfx
194
url VCID-mrtq-9dj4-a7bf
vulnerability_id VCID-mrtq-9dj4-a7bf
summary A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2307
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24545
published_at 2026-04-24T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.24776
published_at 2026-04-02T12:55:00Z
2
value 0.00085
scoring_system epss
scoring_elements 0.24814
published_at 2026-04-04T12:55:00Z
3
value 0.00085
scoring_system epss
scoring_elements 0.24589
published_at 2026-04-07T12:55:00Z
4
value 0.00085
scoring_system epss
scoring_elements 0.24657
published_at 2026-04-08T12:55:00Z
5
value 0.00085
scoring_system epss
scoring_elements 0.24705
published_at 2026-04-09T12:55:00Z
6
value 0.00085
scoring_system epss
scoring_elements 0.24718
published_at 2026-04-11T12:55:00Z
7
value 0.00085
scoring_system epss
scoring_elements 0.24678
published_at 2026-04-12T12:55:00Z
8
value 0.00085
scoring_system epss
scoring_elements 0.24621
published_at 2026-04-13T12:55:00Z
9
value 0.00085
scoring_system epss
scoring_elements 0.24634
published_at 2026-04-16T12:55:00Z
10
value 0.00085
scoring_system epss
scoring_elements 0.24623
published_at 2026-04-18T12:55:00Z
11
value 0.00085
scoring_system epss
scoring_elements 0.24601
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2307
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2307
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mrtq-9dj4-a7bf
195
url VCID-mvz1-n3g4-zud8
vulnerability_id VCID-mvz1-n3g4-zud8
summary Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22170
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20399
published_at 2026-04-01T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.20545
published_at 2026-04-02T12:55:00Z
2
value 0.00066
scoring_system epss
scoring_elements 0.20603
published_at 2026-04-04T12:55:00Z
3
value 0.00066
scoring_system epss
scoring_elements 0.20332
published_at 2026-04-07T12:55:00Z
4
value 0.00066
scoring_system epss
scoring_elements 0.20413
published_at 2026-04-08T12:55:00Z
5
value 0.00066
scoring_system epss
scoring_elements 0.20471
published_at 2026-04-09T12:55:00Z
6
value 0.00066
scoring_system epss
scoring_elements 0.20495
published_at 2026-04-11T12:55:00Z
7
value 0.00066
scoring_system epss
scoring_elements 0.2045
published_at 2026-04-12T12:55:00Z
8
value 0.00066
scoring_system epss
scoring_elements 0.20394
published_at 2026-04-13T12:55:00Z
9
value 0.00066
scoring_system epss
scoring_elements 0.20384
published_at 2026-04-16T12:55:00Z
10
value 0.00066
scoring_system epss
scoring_elements 0.20385
published_at 2026-04-18T12:55:00Z
11
value 0.00066
scoring_system epss
scoring_elements 0.20383
published_at 2026-04-21T12:55:00Z
12
value 0.00066
scoring_system epss
scoring_elements 0.20257
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22170
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22170
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mvz1-n3g4-zud8
196
url VCID-my6e-5thk-hkdc
vulnerability_id VCID-my6e-5thk-hkdc
summary An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22186
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.38075
published_at 2026-04-24T12:55:00Z
1
value 0.0017
scoring_system epss
scoring_elements 0.38232
published_at 2026-04-01T12:55:00Z
2
value 0.0017
scoring_system epss
scoring_elements 0.38367
published_at 2026-04-02T12:55:00Z
3
value 0.0017
scoring_system epss
scoring_elements 0.38391
published_at 2026-04-04T12:55:00Z
4
value 0.0017
scoring_system epss
scoring_elements 0.38257
published_at 2026-04-07T12:55:00Z
5
value 0.0017
scoring_system epss
scoring_elements 0.38307
published_at 2026-04-08T12:55:00Z
6
value 0.0017
scoring_system epss
scoring_elements 0.38316
published_at 2026-04-09T12:55:00Z
7
value 0.0017
scoring_system epss
scoring_elements 0.38334
published_at 2026-04-11T12:55:00Z
8
value 0.0017
scoring_system epss
scoring_elements 0.38298
published_at 2026-04-18T12:55:00Z
9
value 0.0017
scoring_system epss
scoring_elements 0.38273
published_at 2026-04-13T12:55:00Z
10
value 0.0017
scoring_system epss
scoring_elements 0.3832
published_at 2026-04-16T12:55:00Z
11
value 0.0017
scoring_system epss
scoring_elements 0.38234
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22186
1
reference_url https://security.archlinux.org/AVG-1648
reference_id AVG-1648
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1648
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22186
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-my6e-5thk-hkdc
197
url VCID-myew-c4zd-u3cw
vulnerability_id VCID-myew-c4zd-u3cw
summary Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22171
reference_id
reference_type
scores
0
value 0.00127
scoring_system epss
scoring_elements 0.31821
published_at 2026-04-24T12:55:00Z
1
value 0.00127
scoring_system epss
scoring_elements 0.32
published_at 2026-04-01T12:55:00Z
2
value 0.00127
scoring_system epss
scoring_elements 0.32127
published_at 2026-04-02T12:55:00Z
3
value 0.00127
scoring_system epss
scoring_elements 0.32167
published_at 2026-04-04T12:55:00Z
4
value 0.00127
scoring_system epss
scoring_elements 0.3199
published_at 2026-04-07T12:55:00Z
5
value 0.00127
scoring_system epss
scoring_elements 0.32041
published_at 2026-04-08T12:55:00Z
6
value 0.00127
scoring_system epss
scoring_elements 0.3207
published_at 2026-04-09T12:55:00Z
7
value 0.00127
scoring_system epss
scoring_elements 0.32074
published_at 2026-04-11T12:55:00Z
8
value 0.00127
scoring_system epss
scoring_elements 0.32035
published_at 2026-04-12T12:55:00Z
9
value 0.00127
scoring_system epss
scoring_elements 0.32003
published_at 2026-04-13T12:55:00Z
10
value 0.00127
scoring_system epss
scoring_elements 0.32036
published_at 2026-04-16T12:55:00Z
11
value 0.00127
scoring_system epss
scoring_elements 0.32014
published_at 2026-04-18T12:55:00Z
12
value 0.00127
scoring_system epss
scoring_elements 0.31987
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22171
1
reference_url https://security.archlinux.org/ASA-202101-10
reference_id ASA-202101-10
reference_type
scores
url https://security.archlinux.org/ASA-202101-10
2
reference_url https://security.archlinux.org/AVG-1416
reference_id AVG-1416
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1416
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22171
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myew-c4zd-u3cw
198
url VCID-n13v-9faq-6fcx
vulnerability_id VCID-n13v-9faq-6fcx
summary A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1185
reference_id
reference_type
scores
0
value 0.00365
scoring_system epss
scoring_elements 0.58377
published_at 2026-04-01T12:55:00Z
1
value 0.00365
scoring_system epss
scoring_elements 0.58462
published_at 2026-04-02T12:55:00Z
2
value 0.00365
scoring_system epss
scoring_elements 0.58481
published_at 2026-04-04T12:55:00Z
3
value 0.00365
scoring_system epss
scoring_elements 0.58452
published_at 2026-04-07T12:55:00Z
4
value 0.00365
scoring_system epss
scoring_elements 0.58504
published_at 2026-04-21T12:55:00Z
5
value 0.00365
scoring_system epss
scoring_elements 0.5851
published_at 2026-04-09T12:55:00Z
6
value 0.00365
scoring_system epss
scoring_elements 0.58527
published_at 2026-04-11T12:55:00Z
7
value 0.00365
scoring_system epss
scoring_elements 0.58508
published_at 2026-04-12T12:55:00Z
8
value 0.00365
scoring_system epss
scoring_elements 0.58488
published_at 2026-04-13T12:55:00Z
9
value 0.00365
scoring_system epss
scoring_elements 0.5852
published_at 2026-04-16T12:55:00Z
10
value 0.00365
scoring_system epss
scoring_elements 0.58525
published_at 2026-04-18T12:55:00Z
11
value 0.00365
scoring_system epss
scoring_elements 0.5847
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1185
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1185
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n13v-9faq-6fcx
199
url VCID-n1gx-qsm8-bqgy
vulnerability_id VCID-n1gx-qsm8-bqgy
summary A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3572
reference_id
reference_type
scores
0
value 0.10212
scoring_system epss
scoring_elements 0.93171
published_at 2026-04-24T12:55:00Z
1
value 0.10212
scoring_system epss
scoring_elements 0.93135
published_at 2026-04-12T12:55:00Z
2
value 0.10212
scoring_system epss
scoring_elements 0.93137
published_at 2026-04-13T12:55:00Z
3
value 0.10212
scoring_system epss
scoring_elements 0.93153
published_at 2026-04-16T12:55:00Z
4
value 0.10212
scoring_system epss
scoring_elements 0.93158
published_at 2026-04-18T12:55:00Z
5
value 0.10212
scoring_system epss
scoring_elements 0.93165
published_at 2026-04-21T12:55:00Z
6
value 0.10212
scoring_system epss
scoring_elements 0.93117
published_at 2026-04-02T12:55:00Z
7
value 0.10212
scoring_system epss
scoring_elements 0.9312
published_at 2026-04-04T12:55:00Z
8
value 0.10212
scoring_system epss
scoring_elements 0.93119
published_at 2026-04-07T12:55:00Z
9
value 0.10212
scoring_system epss
scoring_elements 0.93128
published_at 2026-04-08T12:55:00Z
10
value 0.10212
scoring_system epss
scoring_elements 0.93133
published_at 2026-04-09T12:55:00Z
11
value 0.10212
scoring_system epss
scoring_elements 0.93138
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3572
1
reference_url https://hackerone.com/reports/1727985
reference_id 1727985
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T15:03:41Z/
url https://hackerone.com/reports/1727985
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/378214
reference_id 378214
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T15:03:41Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/378214
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json
reference_id CVE-2022-3572.json
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T15:03:41Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3572
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1gx-qsm8-bqgy
200
url VCID-n2jn-c1k6-67b9
vulnerability_id VCID-n2jn-c1k6-67b9
summary Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39916
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51502
published_at 2026-04-24T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51418
published_at 2026-04-01T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51469
published_at 2026-04-02T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51497
published_at 2026-04-04T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51456
published_at 2026-04-07T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.5151
published_at 2026-04-08T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51508
published_at 2026-04-09T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51551
published_at 2026-04-11T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.5153
published_at 2026-04-12T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51518
published_at 2026-04-13T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51561
published_at 2026-04-16T12:55:00Z
11
value 0.00281
scoring_system epss
scoring_elements 0.5157
published_at 2026-04-18T12:55:00Z
12
value 0.00281
scoring_system epss
scoring_elements 0.51549
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39916
1
reference_url https://security.archlinux.org/AVG-2604
reference_id AVG-2604
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2604
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39916
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2jn-c1k6-67b9
201
url VCID-n5mw-p57c-2ba3
vulnerability_id VCID-n5mw-p57c-2ba3
summary In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39882
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27838
published_at 2026-04-24T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.28052
published_at 2026-04-01T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.28124
published_at 2026-04-02T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.28167
published_at 2026-04-04T12:55:00Z
4
value 0.00102
scoring_system epss
scoring_elements 0.27963
published_at 2026-04-07T12:55:00Z
5
value 0.00102
scoring_system epss
scoring_elements 0.28031
published_at 2026-04-08T12:55:00Z
6
value 0.00102
scoring_system epss
scoring_elements 0.28073
published_at 2026-04-09T12:55:00Z
7
value 0.00102
scoring_system epss
scoring_elements 0.2808
published_at 2026-04-11T12:55:00Z
8
value 0.00102
scoring_system epss
scoring_elements 0.28037
published_at 2026-04-12T12:55:00Z
9
value 0.00102
scoring_system epss
scoring_elements 0.2798
published_at 2026-04-13T12:55:00Z
10
value 0.00102
scoring_system epss
scoring_elements 0.27988
published_at 2026-04-16T12:55:00Z
11
value 0.00102
scoring_system epss
scoring_elements 0.27971
published_at 2026-04-18T12:55:00Z
12
value 0.00102
scoring_system epss
scoring_elements 0.27922
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39882
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39882
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5mw-p57c-2ba3
202
url VCID-n7d2-p93t-73fg
vulnerability_id VCID-n7d2-p93t-73fg
summary All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22219
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.43036
published_at 2026-04-24T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.43055
published_at 2026-04-01T12:55:00Z
2
value 0.00207
scoring_system epss
scoring_elements 0.43113
published_at 2026-04-02T12:55:00Z
3
value 0.00207
scoring_system epss
scoring_elements 0.43141
published_at 2026-04-04T12:55:00Z
4
value 0.00207
scoring_system epss
scoring_elements 0.4308
published_at 2026-04-07T12:55:00Z
5
value 0.00207
scoring_system epss
scoring_elements 0.43133
published_at 2026-04-12T12:55:00Z
6
value 0.00207
scoring_system epss
scoring_elements 0.43145
published_at 2026-04-09T12:55:00Z
7
value 0.00207
scoring_system epss
scoring_elements 0.43166
published_at 2026-04-11T12:55:00Z
8
value 0.00207
scoring_system epss
scoring_elements 0.43118
published_at 2026-04-13T12:55:00Z
9
value 0.00207
scoring_system epss
scoring_elements 0.43179
published_at 2026-04-16T12:55:00Z
10
value 0.00207
scoring_system epss
scoring_elements 0.43168
published_at 2026-04-18T12:55:00Z
11
value 0.00207
scoring_system epss
scoring_elements 0.43102
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22219
1
reference_url https://security.archlinux.org/ASA-202106-21
reference_id ASA-202106-21
reference_type
scores
url https://security.archlinux.org/ASA-202106-21
2
reference_url https://security.archlinux.org/AVG-2023
reference_id AVG-2023
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2023
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22219
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7d2-p93t-73fg
203
url VCID-n7n7-hk7v-rqa4
vulnerability_id VCID-n7n7-hk7v-rqa4
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22210
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34384
published_at 2026-04-24T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.34504
published_at 2026-04-01T12:55:00Z
2
value 0.00143
scoring_system epss
scoring_elements 0.34722
published_at 2026-04-02T12:55:00Z
3
value 0.00143
scoring_system epss
scoring_elements 0.34748
published_at 2026-04-04T12:55:00Z
4
value 0.00143
scoring_system epss
scoring_elements 0.34626
published_at 2026-04-07T12:55:00Z
5
value 0.00143
scoring_system epss
scoring_elements 0.34669
published_at 2026-04-08T12:55:00Z
6
value 0.00143
scoring_system epss
scoring_elements 0.34697
published_at 2026-04-09T12:55:00Z
7
value 0.00143
scoring_system epss
scoring_elements 0.347
published_at 2026-04-11T12:55:00Z
8
value 0.00143
scoring_system epss
scoring_elements 0.34662
published_at 2026-04-12T12:55:00Z
9
value 0.00143
scoring_system epss
scoring_elements 0.34637
published_at 2026-04-13T12:55:00Z
10
value 0.00143
scoring_system epss
scoring_elements 0.34676
published_at 2026-04-16T12:55:00Z
11
value 0.00143
scoring_system epss
scoring_elements 0.34661
published_at 2026-04-18T12:55:00Z
12
value 0.00143
scoring_system epss
scoring_elements 0.34621
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22210
1
reference_url https://security.archlinux.org/ASA-202105-4
reference_id ASA-202105-4
reference_type
scores
url https://security.archlinux.org/ASA-202105-4
2
reference_url https://security.archlinux.org/AVG-1888
reference_id AVG-1888
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1888
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22210
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7n7-hk7v-rqa4
204
url VCID-n83t-8xmt-q7cs
vulnerability_id VCID-n83t-8xmt-q7cs
summary When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 could be exploited by an unauthenticated attacker even on a GitLab instance where registration is limited
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22214
reference_id
reference_type
scores
0
value 0.92676
scoring_system epss
scoring_elements 0.99752
published_at 2026-04-24T12:55:00Z
1
value 0.92676
scoring_system epss
scoring_elements 0.9975
published_at 2026-04-21T12:55:00Z
2
value 0.93431
scoring_system epss
scoring_elements 0.99815
published_at 2026-04-04T12:55:00Z
3
value 0.93431
scoring_system epss
scoring_elements 0.99817
published_at 2026-04-13T12:55:00Z
4
value 0.93431
scoring_system epss
scoring_elements 0.99816
published_at 2026-04-09T12:55:00Z
5
value 0.9357
scoring_system epss
scoring_elements 0.99833
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22214
1
reference_url https://security.archlinux.org/ASA-202106-21
reference_id ASA-202106-21
reference_type
scores
url https://security.archlinux.org/ASA-202106-21
2
reference_url https://security.archlinux.org/AVG-2023
reference_id AVG-2023
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2023
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22214
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n83t-8xmt-q7cs
205
url VCID-ncby-z5xr-27by
vulnerability_id VCID-ncby-z5xr-27by
summary A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0121
reference_id
reference_type
scores
0
value 0.01327
scoring_system epss
scoring_elements 0.79986
published_at 2026-04-24T12:55:00Z
1
value 0.01327
scoring_system epss
scoring_elements 0.79921
published_at 2026-04-08T12:55:00Z
2
value 0.01327
scoring_system epss
scoring_elements 0.79929
published_at 2026-04-09T12:55:00Z
3
value 0.01327
scoring_system epss
scoring_elements 0.7995
published_at 2026-04-11T12:55:00Z
4
value 0.01327
scoring_system epss
scoring_elements 0.79933
published_at 2026-04-12T12:55:00Z
5
value 0.01327
scoring_system epss
scoring_elements 0.79926
published_at 2026-04-13T12:55:00Z
6
value 0.01327
scoring_system epss
scoring_elements 0.79954
published_at 2026-04-18T12:55:00Z
7
value 0.01327
scoring_system epss
scoring_elements 0.79958
published_at 2026-04-21T12:55:00Z
8
value 0.01327
scoring_system epss
scoring_elements 0.79904
published_at 2026-04-04T12:55:00Z
9
value 0.01327
scoring_system epss
scoring_elements 0.79892
published_at 2026-04-07T12:55:00Z
10
value 0.01559
scoring_system epss
scoring_elements 0.81415
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0121
1
reference_url https://hackerone.com/reports/1774688
reference_id 1774688
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T17:00:02Z/
url https://hackerone.com/reports/1774688
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/387549
reference_id 387549
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T17:00:02Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/387549
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0121.json
reference_id CVE-2023-0121.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T17:00:02Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0121.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0121
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncby-z5xr-27by
206
url VCID-ncrc-1zac-tucd
vulnerability_id VCID-ncrc-1zac-tucd
summary In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with an expired password to still access GitLab through git and the API using access tokens acquired before password expiration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39872
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.43961
published_at 2026-04-24T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.44
published_at 2026-04-01T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44048
published_at 2026-04-02T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44072
published_at 2026-04-04T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.44003
published_at 2026-04-07T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.44054
published_at 2026-04-08T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.44056
published_at 2026-04-09T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.44071
published_at 2026-04-11T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.44038
published_at 2026-04-12T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.44022
published_at 2026-04-13T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44084
published_at 2026-04-16T12:55:00Z
11
value 0.00215
scoring_system epss
scoring_elements 0.44075
published_at 2026-04-18T12:55:00Z
12
value 0.00215
scoring_system epss
scoring_elements 0.44009
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39872
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39872
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncrc-1zac-tucd
207
url VCID-nf4u-tmjr-ykge
vulnerability_id VCID-nf4u-tmjr-ykge
summary An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks, an unauthorised user was able to read, add or edit a user's private snippet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3758
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62475
published_at 2026-04-21T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.62474
published_at 2026-04-11T12:55:00Z
2
value 0.00428
scoring_system epss
scoring_elements 0.62464
published_at 2026-04-12T12:55:00Z
3
value 0.00428
scoring_system epss
scoring_elements 0.62441
published_at 2026-04-13T12:55:00Z
4
value 0.00428
scoring_system epss
scoring_elements 0.62485
published_at 2026-04-24T12:55:00Z
5
value 0.00428
scoring_system epss
scoring_elements 0.62492
published_at 2026-04-18T12:55:00Z
6
value 0.00428
scoring_system epss
scoring_elements 0.62393
published_at 2026-04-02T12:55:00Z
7
value 0.00428
scoring_system epss
scoring_elements 0.62424
published_at 2026-04-04T12:55:00Z
8
value 0.00428
scoring_system epss
scoring_elements 0.6239
published_at 2026-04-07T12:55:00Z
9
value 0.00428
scoring_system epss
scoring_elements 0.62438
published_at 2026-04-08T12:55:00Z
10
value 0.00428
scoring_system epss
scoring_elements 0.62455
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3758
1
reference_url https://hackerone.com/reports/1751258
reference_id 1751258
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:30:33Z/
url https://hackerone.com/reports/1751258
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/379598
reference_id 379598
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:30:33Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/379598
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3758.json
reference_id CVE-2022-3758.json
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:30:33Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3758.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3758
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nf4u-tmjr-ykge
208
url VCID-nppq-4ze2-p7bk
vulnerability_id VCID-nppq-4ze2-p7bk
summary Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1148
reference_id
reference_type
scores
0
value 0.00202
scoring_system epss
scoring_elements 0.42262
published_at 2026-04-01T12:55:00Z
1
value 0.00202
scoring_system epss
scoring_elements 0.42337
published_at 2026-04-02T12:55:00Z
2
value 0.00202
scoring_system epss
scoring_elements 0.42366
published_at 2026-04-04T12:55:00Z
3
value 0.00202
scoring_system epss
scoring_elements 0.42308
published_at 2026-04-07T12:55:00Z
4
value 0.00202
scoring_system epss
scoring_elements 0.42356
published_at 2026-04-08T12:55:00Z
5
value 0.00202
scoring_system epss
scoring_elements 0.42363
published_at 2026-04-09T12:55:00Z
6
value 0.00202
scoring_system epss
scoring_elements 0.42387
published_at 2026-04-11T12:55:00Z
7
value 0.00202
scoring_system epss
scoring_elements 0.42351
published_at 2026-04-12T12:55:00Z
8
value 0.00202
scoring_system epss
scoring_elements 0.42322
published_at 2026-04-13T12:55:00Z
9
value 0.00202
scoring_system epss
scoring_elements 0.4237
published_at 2026-04-16T12:55:00Z
10
value 0.00202
scoring_system epss
scoring_elements 0.42346
published_at 2026-04-18T12:55:00Z
11
value 0.00202
scoring_system epss
scoring_elements 0.42273
published_at 2026-04-21T12:55:00Z
12
value 0.00202
scoring_system epss
scoring_elements 0.42205
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1148
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1148
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nppq-4ze2-p7bk
209
url VCID-nr16-z21q-aygq
vulnerability_id VCID-nr16-z21q-aygq
summary An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1999
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35571
published_at 2026-04-01T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35767
published_at 2026-04-02T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35793
published_at 2026-04-04T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35673
published_at 2026-04-07T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35719
published_at 2026-04-08T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.35742
published_at 2026-04-09T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35751
published_at 2026-04-11T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35706
published_at 2026-04-12T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35683
published_at 2026-04-13T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35723
published_at 2026-04-16T12:55:00Z
10
value 0.00151
scoring_system epss
scoring_elements 0.35711
published_at 2026-04-18T12:55:00Z
11
value 0.00151
scoring_system epss
scoring_elements 0.35662
published_at 2026-04-21T12:55:00Z
12
value 0.00151
scoring_system epss
scoring_elements 0.35428
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1999
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1999
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nr16-z21q-aygq
210
url VCID-nskz-aqm2-c3eb
vulnerability_id VCID-nskz-aqm2-c3eb
summary A potential DoS vulnerability in GitLab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a specially crafted input added in the Commit message field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2908
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.48792
published_at 2026-04-02T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.48818
published_at 2026-04-04T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.48772
published_at 2026-04-07T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.48827
published_at 2026-04-08T12:55:00Z
4
value 0.00255
scoring_system epss
scoring_elements 0.48824
published_at 2026-04-09T12:55:00Z
5
value 0.00255
scoring_system epss
scoring_elements 0.48841
published_at 2026-04-11T12:55:00Z
6
value 0.00269
scoring_system epss
scoring_elements 0.50376
published_at 2026-04-12T12:55:00Z
7
value 0.00269
scoring_system epss
scoring_elements 0.50362
published_at 2026-04-13T12:55:00Z
8
value 0.00269
scoring_system epss
scoring_elements 0.50406
published_at 2026-04-16T12:55:00Z
9
value 0.00269
scoring_system epss
scoring_elements 0.5041
published_at 2026-04-18T12:55:00Z
10
value 0.00269
scoring_system epss
scoring_elements 0.50387
published_at 2026-04-21T12:55:00Z
11
value 0.00269
scoring_system epss
scoring_elements 0.50333
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2908
1
reference_url https://hackerone.com/reports/1584156
reference_id 1584156
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:10:50Z/
url https://hackerone.com/reports/1584156
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/363734
reference_id 363734
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:10:50Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/363734
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2908.json
reference_id CVE-2022-2908.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:10:50Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2908.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2908
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nskz-aqm2-c3eb
211
url VCID-nt6t-mfd5-k3fn
vulnerability_id VCID-nt6t-mfd5-k3fn
summary
apollo_upload_server has Denial of Service vulnerability
A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39880
reference_id
reference_type
scores
0
value 0.00386
scoring_system epss
scoring_elements 0.59798
published_at 2026-04-08T12:55:00Z
1
value 0.00386
scoring_system epss
scoring_elements 0.59794
published_at 2026-04-24T12:55:00Z
2
value 0.00386
scoring_system epss
scoring_elements 0.59824
published_at 2026-04-21T12:55:00Z
3
value 0.00386
scoring_system epss
scoring_elements 0.5984
published_at 2026-04-18T12:55:00Z
4
value 0.00386
scoring_system epss
scoring_elements 0.59833
published_at 2026-04-16T12:55:00Z
5
value 0.00386
scoring_system epss
scoring_elements 0.59796
published_at 2026-04-13T12:55:00Z
6
value 0.00386
scoring_system epss
scoring_elements 0.59814
published_at 2026-04-12T12:55:00Z
7
value 0.00386
scoring_system epss
scoring_elements 0.5983
published_at 2026-04-11T12:55:00Z
8
value 0.00386
scoring_system epss
scoring_elements 0.59811
published_at 2026-04-09T12:55:00Z
9
value 0.00386
scoring_system epss
scoring_elements 0.59679
published_at 2026-04-01T12:55:00Z
10
value 0.00386
scoring_system epss
scoring_elements 0.59752
published_at 2026-04-02T12:55:00Z
11
value 0.00386
scoring_system epss
scoring_elements 0.59776
published_at 2026-04-04T12:55:00Z
12
value 0.00386
scoring_system epss
scoring_elements 0.59746
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39880
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39880
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39880
2
reference_url https://github.com/jetruby/apollo_upload_server-ruby
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jetruby/apollo_upload_server-ruby
3
reference_url https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486
4
reference_url https://github.com/jetruby/apollo_upload_server-ruby/pull/44
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jetruby/apollo_upload_server-ruby/pull/44
5
reference_url https://github.com/jetruby/apollo_upload_server-ruby/releases/tag/2.1.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jetruby/apollo_upload_server-ruby/releases/tag/2.1.0
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/apollo_upload_server/CVE-2021-39880.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/apollo_upload_server/CVE-2021-39880.yml
7
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39880.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39880.json
8
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/330561
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/gitlab-org/gitlab/-/issues/330561
9
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/330561#note_642879964
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/gitlab-org/gitlab/-/issues/330561#note_642879964
10
reference_url https://hackerone.com/reports/1181284
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1181284
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39880
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39880
12
reference_url https://vuldb.com/?id.183842
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?id.183842
13
reference_url https://github.com/advisories/GHSA-w6pv-c757-6rgr
reference_id GHSA-w6pv-c757-6rgr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w6pv-c757-6rgr
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39880, GHSA-w6pv-c757-6rgr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nt6t-mfd5-k3fn
212
url VCID-nwmu-uakv-eqfa
vulnerability_id VCID-nwmu-uakv-eqfa
summary An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3482
reference_id
reference_type
scores
0
value 0.00373
scoring_system epss
scoring_elements 0.59046
published_at 2026-04-24T12:55:00Z
1
value 0.00373
scoring_system epss
scoring_elements 0.59084
published_at 2026-04-11T12:55:00Z
2
value 0.00373
scoring_system epss
scoring_elements 0.59066
published_at 2026-04-12T12:55:00Z
3
value 0.00373
scoring_system epss
scoring_elements 0.59047
published_at 2026-04-13T12:55:00Z
4
value 0.00373
scoring_system epss
scoring_elements 0.59082
published_at 2026-04-16T12:55:00Z
5
value 0.00373
scoring_system epss
scoring_elements 0.59086
published_at 2026-04-18T12:55:00Z
6
value 0.00373
scoring_system epss
scoring_elements 0.5902
published_at 2026-04-02T12:55:00Z
7
value 0.00373
scoring_system epss
scoring_elements 0.59042
published_at 2026-04-04T12:55:00Z
8
value 0.00373
scoring_system epss
scoring_elements 0.59008
published_at 2026-04-07T12:55:00Z
9
value 0.00373
scoring_system epss
scoring_elements 0.59059
published_at 2026-04-08T12:55:00Z
10
value 0.00373
scoring_system epss
scoring_elements 0.59065
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3482
1
reference_url https://hackerone.com/reports/1725841
reference_id 1725841
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:13Z/
url https://hackerone.com/reports/1725841
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/377802
reference_id 377802
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:13Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/377802
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json
reference_id CVE-2022-3482.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:13Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3482
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwmu-uakv-eqfa
213
url VCID-p2cr-m73e-tkcj
vulnerability_id VCID-p2cr-m73e-tkcj
summary An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1680
reference_id
reference_type
scores
0
value 0.10386
scoring_system epss
scoring_elements 0.93183
published_at 2026-04-01T12:55:00Z
1
value 0.10386
scoring_system epss
scoring_elements 0.93192
published_at 2026-04-02T12:55:00Z
2
value 0.10386
scoring_system epss
scoring_elements 0.93196
published_at 2026-04-04T12:55:00Z
3
value 0.10386
scoring_system epss
scoring_elements 0.93194
published_at 2026-04-07T12:55:00Z
4
value 0.10386
scoring_system epss
scoring_elements 0.93203
published_at 2026-04-08T12:55:00Z
5
value 0.10386
scoring_system epss
scoring_elements 0.93207
published_at 2026-04-09T12:55:00Z
6
value 0.10386
scoring_system epss
scoring_elements 0.93211
published_at 2026-04-11T12:55:00Z
7
value 0.10386
scoring_system epss
scoring_elements 0.93209
published_at 2026-04-12T12:55:00Z
8
value 0.10386
scoring_system epss
scoring_elements 0.9321
published_at 2026-04-13T12:55:00Z
9
value 0.10386
scoring_system epss
scoring_elements 0.93226
published_at 2026-04-16T12:55:00Z
10
value 0.10386
scoring_system epss
scoring_elements 0.93231
published_at 2026-04-18T12:55:00Z
11
value 0.10386
scoring_system epss
scoring_elements 0.93238
published_at 2026-04-21T12:55:00Z
12
value 0.10386
scoring_system epss
scoring_elements 0.93244
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1680
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1680
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2cr-m73e-tkcj
214
url VCID-p3g7-kade-fqfq
vulnerability_id VCID-p3g7-kade-fqfq
summary A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22227
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28477
published_at 2026-04-24T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.28691
published_at 2026-04-01T12:55:00Z
2
value 0.00106
scoring_system epss
scoring_elements 0.28773
published_at 2026-04-02T12:55:00Z
3
value 0.00106
scoring_system epss
scoring_elements 0.28821
published_at 2026-04-04T12:55:00Z
4
value 0.00106
scoring_system epss
scoring_elements 0.28628
published_at 2026-04-07T12:55:00Z
5
value 0.00106
scoring_system epss
scoring_elements 0.28693
published_at 2026-04-12T12:55:00Z
6
value 0.00106
scoring_system epss
scoring_elements 0.28732
published_at 2026-04-09T12:55:00Z
7
value 0.00106
scoring_system epss
scoring_elements 0.28737
published_at 2026-04-11T12:55:00Z
8
value 0.00106
scoring_system epss
scoring_elements 0.28645
published_at 2026-04-13T12:55:00Z
9
value 0.00106
scoring_system epss
scoring_elements 0.28664
published_at 2026-04-16T12:55:00Z
10
value 0.00106
scoring_system epss
scoring_elements 0.28639
published_at 2026-04-18T12:55:00Z
11
value 0.00106
scoring_system epss
scoring_elements 0.28591
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22227
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22227
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p3g7-kade-fqfq
215
url VCID-p3rb-k9b7-nubz
vulnerability_id VCID-p3rb-k9b7-nubz
summary Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1120
reference_id
reference_type
scores
0
value 0.00241
scoring_system epss
scoring_elements 0.47302
published_at 2026-04-01T12:55:00Z
1
value 0.00241
scoring_system epss
scoring_elements 0.47338
published_at 2026-04-02T12:55:00Z
2
value 0.00241
scoring_system epss
scoring_elements 0.47359
published_at 2026-04-12T12:55:00Z
3
value 0.00241
scoring_system epss
scoring_elements 0.47307
published_at 2026-04-07T12:55:00Z
4
value 0.00241
scoring_system epss
scoring_elements 0.47362
published_at 2026-04-08T12:55:00Z
5
value 0.00241
scoring_system epss
scoring_elements 0.4736
published_at 2026-04-09T12:55:00Z
6
value 0.00241
scoring_system epss
scoring_elements 0.47384
published_at 2026-04-11T12:55:00Z
7
value 0.00241
scoring_system epss
scoring_elements 0.47365
published_at 2026-04-13T12:55:00Z
8
value 0.00241
scoring_system epss
scoring_elements 0.47424
published_at 2026-04-16T12:55:00Z
9
value 0.00241
scoring_system epss
scoring_elements 0.47418
published_at 2026-04-18T12:55:00Z
10
value 0.00241
scoring_system epss
scoring_elements 0.4737
published_at 2026-04-21T12:55:00Z
11
value 0.00241
scoring_system epss
scoring_elements 0.47357
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1120
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1120
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p3rb-k9b7-nubz
216
url VCID-pbx3-txrf-7khk
vulnerability_id VCID-pbx3-txrf-7khk
summary An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1265
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.1022
published_at 2026-04-24T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.1028
published_at 2026-04-12T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10261
published_at 2026-04-13T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10134
published_at 2026-04-16T12:55:00Z
4
value 0.00035
scoring_system epss
scoring_elements 0.10107
published_at 2026-04-18T12:55:00Z
5
value 0.00035
scoring_system epss
scoring_elements 0.10241
published_at 2026-04-21T12:55:00Z
6
value 0.00035
scoring_system epss
scoring_elements 0.10193
published_at 2026-04-02T12:55:00Z
7
value 0.00035
scoring_system epss
scoring_elements 0.10257
published_at 2026-04-04T12:55:00Z
8
value 0.00035
scoring_system epss
scoring_elements 0.10153
published_at 2026-04-07T12:55:00Z
9
value 0.00035
scoring_system epss
scoring_elements 0.10227
published_at 2026-04-08T12:55:00Z
10
value 0.00035
scoring_system epss
scoring_elements 0.1029
published_at 2026-04-09T12:55:00Z
11
value 0.00035
scoring_system epss
scoring_elements 0.10321
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1265
1
reference_url https://hackerone.com/reports/1888690
reference_id 1888690
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:48:32Z/
url https://hackerone.com/reports/1888690
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/394960
reference_id 394960
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:48:32Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/394960
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json
reference_id CVE-2023-1265.json
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:48:32Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1265
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbx3-txrf-7khk
217
url VCID-pk3s-fw2e-wfe3
vulnerability_id VCID-pk3s-fw2e-wfe3
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2478
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.57048
published_at 2026-04-24T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57136
published_at 2026-04-12T12:55:00Z
2
value 0.00345
scoring_system epss
scoring_elements 0.57116
published_at 2026-04-13T12:55:00Z
3
value 0.00345
scoring_system epss
scoring_elements 0.57143
published_at 2026-04-16T12:55:00Z
4
value 0.00345
scoring_system epss
scoring_elements 0.57139
published_at 2026-04-18T12:55:00Z
5
value 0.00345
scoring_system epss
scoring_elements 0.57117
published_at 2026-04-21T12:55:00Z
6
value 0.00345
scoring_system epss
scoring_elements 0.57092
published_at 2026-04-07T12:55:00Z
7
value 0.00345
scoring_system epss
scoring_elements 0.57115
published_at 2026-04-04T12:55:00Z
8
value 0.00345
scoring_system epss
scoring_elements 0.57142
published_at 2026-04-08T12:55:00Z
9
value 0.00345
scoring_system epss
scoring_elements 0.57144
published_at 2026-04-09T12:55:00Z
10
value 0.00345
scoring_system epss
scoring_elements 0.57157
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2478
1
reference_url https://hackerone.com/reports/1969599
reference_id 1969599
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T17:16:17Z/
url https://hackerone.com/reports/1969599
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/409470
reference_id 409470
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T17:16:17Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/409470
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2478.json
reference_id CVE-2023-2478.json
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T17:16:17Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2478.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2478
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pk3s-fw2e-wfe3
218
url VCID-pvbz-xug9-tbem
vulnerability_id VCID-pvbz-xug9-tbem
summary An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious user to set emojis on internal notes they don't have access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3819
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28484
published_at 2026-04-24T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.2867
published_at 2026-04-16T12:55:00Z
2
value 0.00106
scoring_system epss
scoring_elements 0.28646
published_at 2026-04-18T12:55:00Z
3
value 0.00106
scoring_system epss
scoring_elements 0.28598
published_at 2026-04-21T12:55:00Z
4
value 0.00106
scoring_system epss
scoring_elements 0.28781
published_at 2026-04-02T12:55:00Z
5
value 0.00106
scoring_system epss
scoring_elements 0.28829
published_at 2026-04-04T12:55:00Z
6
value 0.00106
scoring_system epss
scoring_elements 0.28635
published_at 2026-04-07T12:55:00Z
7
value 0.00106
scoring_system epss
scoring_elements 0.28701
published_at 2026-04-08T12:55:00Z
8
value 0.00106
scoring_system epss
scoring_elements 0.28739
published_at 2026-04-09T12:55:00Z
9
value 0.00106
scoring_system epss
scoring_elements 0.28743
published_at 2026-04-11T12:55:00Z
10
value 0.00106
scoring_system epss
scoring_elements 0.28699
published_at 2026-04-12T12:55:00Z
11
value 0.00106
scoring_system epss
scoring_elements 0.28651
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3819
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/365847
reference_id 365847
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:20:26Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/365847
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3819.json
reference_id CVE-2022-3819.json
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:20:26Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3819.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3819
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvbz-xug9-tbem
219
url VCID-pvu9-jhxn-7qfa
vulnerability_id VCID-pvu9-jhxn-7qfa
summary An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0488
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34674
published_at 2026-04-01T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.34889
published_at 2026-04-02T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.34916
published_at 2026-04-04T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34794
published_at 2026-04-07T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.34838
published_at 2026-04-08T12:55:00Z
5
value 0.00145
scoring_system epss
scoring_elements 0.34867
published_at 2026-04-09T12:55:00Z
6
value 0.00145
scoring_system epss
scoring_elements 0.34872
published_at 2026-04-11T12:55:00Z
7
value 0.00145
scoring_system epss
scoring_elements 0.34834
published_at 2026-04-12T12:55:00Z
8
value 0.00145
scoring_system epss
scoring_elements 0.3481
published_at 2026-04-13T12:55:00Z
9
value 0.00145
scoring_system epss
scoring_elements 0.34848
published_at 2026-04-16T12:55:00Z
10
value 0.00145
scoring_system epss
scoring_elements 0.34831
published_at 2026-04-18T12:55:00Z
11
value 0.00145
scoring_system epss
scoring_elements 0.34787
published_at 2026-04-21T12:55:00Z
12
value 0.00145
scoring_system epss
scoring_elements 0.3455
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0488
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0488
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvu9-jhxn-7qfa
220
url VCID-pyhd-r9cj-bqd9
vulnerability_id VCID-pyhd-r9cj-bqd9
summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1084
reference_id
reference_type
scores
0
value 0.03934
scoring_system epss
scoring_elements 0.88358
published_at 2026-04-24T12:55:00Z
1
value 0.03934
scoring_system epss
scoring_elements 0.88331
published_at 2026-04-09T12:55:00Z
2
value 0.03934
scoring_system epss
scoring_elements 0.88341
published_at 2026-04-21T12:55:00Z
3
value 0.03934
scoring_system epss
scoring_elements 0.88333
published_at 2026-04-13T12:55:00Z
4
value 0.03934
scoring_system epss
scoring_elements 0.88346
published_at 2026-04-16T12:55:00Z
5
value 0.03934
scoring_system epss
scoring_elements 0.88342
published_at 2026-04-18T12:55:00Z
6
value 0.03934
scoring_system epss
scoring_elements 0.88286
published_at 2026-04-02T12:55:00Z
7
value 0.03934
scoring_system epss
scoring_elements 0.88301
published_at 2026-04-04T12:55:00Z
8
value 0.03934
scoring_system epss
scoring_elements 0.88305
published_at 2026-04-07T12:55:00Z
9
value 0.03934
scoring_system epss
scoring_elements 0.88325
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1084
1
reference_url https://hackerone.com/reports/1805549
reference_id 1805549
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:34:04Z/
url https://hackerone.com/reports/1805549
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/390696
reference_id 390696
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:34:04Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/390696
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1084.json
reference_id CVE-2023-1084.json
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:34:04Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1084.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1084
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pyhd-r9cj-bqd9
221
url VCID-q8mh-pz3u-cufu
vulnerability_id VCID-q8mh-pz3u-cufu
summary An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for a private project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22193
reference_id
reference_type
scores
0
value 0.00279
scoring_system epss
scoring_elements 0.51204
published_at 2026-04-01T12:55:00Z
1
value 0.00279
scoring_system epss
scoring_elements 0.51257
published_at 2026-04-02T12:55:00Z
2
value 0.00279
scoring_system epss
scoring_elements 0.51282
published_at 2026-04-04T12:55:00Z
3
value 0.00279
scoring_system epss
scoring_elements 0.51242
published_at 2026-04-07T12:55:00Z
4
value 0.00279
scoring_system epss
scoring_elements 0.51297
published_at 2026-04-08T12:55:00Z
5
value 0.00279
scoring_system epss
scoring_elements 0.51293
published_at 2026-04-09T12:55:00Z
6
value 0.00279
scoring_system epss
scoring_elements 0.51337
published_at 2026-04-11T12:55:00Z
7
value 0.00279
scoring_system epss
scoring_elements 0.51317
published_at 2026-04-12T12:55:00Z
8
value 0.00279
scoring_system epss
scoring_elements 0.51303
published_at 2026-04-13T12:55:00Z
9
value 0.00279
scoring_system epss
scoring_elements 0.51343
published_at 2026-04-16T12:55:00Z
10
value 0.00279
scoring_system epss
scoring_elements 0.51352
published_at 2026-04-18T12:55:00Z
11
value 0.00279
scoring_system epss
scoring_elements 0.51331
published_at 2026-04-21T12:55:00Z
12
value 0.00279
scoring_system epss
scoring_elements 0.51278
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22193
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22193
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8mh-pz3u-cufu
222
url VCID-q9ks-5exh-c7at
vulnerability_id VCID-q9ks-5exh-c7at
summary An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0093
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.5262
published_at 2026-04-01T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.52663
published_at 2026-04-02T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.5269
published_at 2026-04-04T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.52655
published_at 2026-04-07T12:55:00Z
4
value 0.00294
scoring_system epss
scoring_elements 0.52705
published_at 2026-04-08T12:55:00Z
5
value 0.00294
scoring_system epss
scoring_elements 0.52699
published_at 2026-04-24T12:55:00Z
6
value 0.00294
scoring_system epss
scoring_elements 0.5275
published_at 2026-04-11T12:55:00Z
7
value 0.00294
scoring_system epss
scoring_elements 0.52733
published_at 2026-04-12T12:55:00Z
8
value 0.00294
scoring_system epss
scoring_elements 0.52718
published_at 2026-04-13T12:55:00Z
9
value 0.00294
scoring_system epss
scoring_elements 0.52756
published_at 2026-04-16T12:55:00Z
10
value 0.00294
scoring_system epss
scoring_elements 0.52764
published_at 2026-04-18T12:55:00Z
11
value 0.00294
scoring_system epss
scoring_elements 0.52748
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0093
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0093
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q9ks-5exh-c7at
223
url VCID-qbba-6zcj-zyht
vulnerability_id VCID-qbba-6zcj-zyht
summary A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4138
reference_id
reference_type
scores
0
value 0.00242
scoring_system epss
scoring_elements 0.4748
published_at 2026-04-24T12:55:00Z
1
value 0.00242
scoring_system epss
scoring_elements 0.47481
published_at 2026-04-12T12:55:00Z
2
value 0.00242
scoring_system epss
scoring_elements 0.47488
published_at 2026-04-13T12:55:00Z
3
value 0.00242
scoring_system epss
scoring_elements 0.47548
published_at 2026-04-16T12:55:00Z
4
value 0.00242
scoring_system epss
scoring_elements 0.4754
published_at 2026-04-18T12:55:00Z
5
value 0.00242
scoring_system epss
scoring_elements 0.47492
published_at 2026-04-21T12:55:00Z
6
value 0.00242
scoring_system epss
scoring_elements 0.47461
published_at 2026-04-02T12:55:00Z
7
value 0.00242
scoring_system epss
scoring_elements 0.47482
published_at 2026-04-04T12:55:00Z
8
value 0.00242
scoring_system epss
scoring_elements 0.47431
published_at 2026-04-07T12:55:00Z
9
value 0.00242
scoring_system epss
scoring_elements 0.47486
published_at 2026-04-08T12:55:00Z
10
value 0.00242
scoring_system epss
scoring_elements 0.47483
published_at 2026-04-09T12:55:00Z
11
value 0.00242
scoring_system epss
scoring_elements 0.47505
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4138
1
reference_url https://hackerone.com/reports/1778009
reference_id 1778009
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T19:13:06Z/
url https://hackerone.com/reports/1778009
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/383709
reference_id 383709
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T19:13:06Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/383709
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4138.json
reference_id CVE-2022-4138.json
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T19:13:06Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4138.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4138
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbba-6zcj-zyht
224
url VCID-qnnn-gkya-57gx
vulnerability_id VCID-qnnn-gkya-57gx
summary An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3793
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39113
published_at 2026-04-24T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39425
published_at 2026-04-16T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39396
published_at 2026-04-18T12:55:00Z
3
value 0.00178
scoring_system epss
scoring_elements 0.39309
published_at 2026-04-21T12:55:00Z
4
value 0.00178
scoring_system epss
scoring_elements 0.39409
published_at 2026-04-02T12:55:00Z
5
value 0.00178
scoring_system epss
scoring_elements 0.39433
published_at 2026-04-04T12:55:00Z
6
value 0.00178
scoring_system epss
scoring_elements 0.39347
published_at 2026-04-07T12:55:00Z
7
value 0.00178
scoring_system epss
scoring_elements 0.39402
published_at 2026-04-08T12:55:00Z
8
value 0.00178
scoring_system epss
scoring_elements 0.39419
published_at 2026-04-09T12:55:00Z
9
value 0.00178
scoring_system epss
scoring_elements 0.3943
published_at 2026-04-11T12:55:00Z
10
value 0.00178
scoring_system epss
scoring_elements 0.39391
published_at 2026-04-12T12:55:00Z
11
value 0.00178
scoring_system epss
scoring_elements 0.39373
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3793
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/372120
reference_id 372120
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:21:55Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/372120
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3793.json
reference_id CVE-2022-3793.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:21:55Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3793.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3793
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnnn-gkya-57gx
225
url VCID-qp9w-2nrf-37g8
vulnerability_id VCID-qp9w-2nrf-37g8
summary An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0489
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41949
published_at 2026-04-01T12:55:00Z
1
value 0.00199
scoring_system epss
scoring_elements 0.4201
published_at 2026-04-02T12:55:00Z
2
value 0.00199
scoring_system epss
scoring_elements 0.42038
published_at 2026-04-04T12:55:00Z
3
value 0.00199
scoring_system epss
scoring_elements 0.41965
published_at 2026-04-07T12:55:00Z
4
value 0.00199
scoring_system epss
scoring_elements 0.42015
published_at 2026-04-08T12:55:00Z
5
value 0.00199
scoring_system epss
scoring_elements 0.42026
published_at 2026-04-09T12:55:00Z
6
value 0.00199
scoring_system epss
scoring_elements 0.42049
published_at 2026-04-11T12:55:00Z
7
value 0.00199
scoring_system epss
scoring_elements 0.42011
published_at 2026-04-12T12:55:00Z
8
value 0.00199
scoring_system epss
scoring_elements 0.41997
published_at 2026-04-13T12:55:00Z
9
value 0.00199
scoring_system epss
scoring_elements 0.42047
published_at 2026-04-16T12:55:00Z
10
value 0.00199
scoring_system epss
scoring_elements 0.4202
published_at 2026-04-18T12:55:00Z
11
value 0.00199
scoring_system epss
scoring_elements 0.4195
published_at 2026-04-21T12:55:00Z
12
value 0.00199
scoring_system epss
scoring_elements 0.41889
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0489
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0489
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qp9w-2nrf-37g8
226
url VCID-qs8s-5gm5-m3hy
vulnerability_id VCID-qs8s-5gm5-m3hy
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22241
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.40837
published_at 2026-04-24T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.40933
published_at 2026-04-01T12:55:00Z
2
value 0.00191
scoring_system epss
scoring_elements 0.41015
published_at 2026-04-02T12:55:00Z
3
value 0.00191
scoring_system epss
scoring_elements 0.41046
published_at 2026-04-04T12:55:00Z
4
value 0.00191
scoring_system epss
scoring_elements 0.40972
published_at 2026-04-07T12:55:00Z
5
value 0.00191
scoring_system epss
scoring_elements 0.41021
published_at 2026-04-08T12:55:00Z
6
value 0.00191
scoring_system epss
scoring_elements 0.41029
published_at 2026-04-09T12:55:00Z
7
value 0.00191
scoring_system epss
scoring_elements 0.41047
published_at 2026-04-11T12:55:00Z
8
value 0.00191
scoring_system epss
scoring_elements 0.41012
published_at 2026-04-12T12:55:00Z
9
value 0.00191
scoring_system epss
scoring_elements 0.40996
published_at 2026-04-13T12:55:00Z
10
value 0.00191
scoring_system epss
scoring_elements 0.41038
published_at 2026-04-16T12:55:00Z
11
value 0.00191
scoring_system epss
scoring_elements 0.41008
published_at 2026-04-18T12:55:00Z
12
value 0.00191
scoring_system epss
scoring_elements 0.40931
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22241
1
reference_url https://security.archlinux.org/ASA-202108-7
reference_id ASA-202108-7
reference_type
scores
url https://security.archlinux.org/ASA-202108-7
2
reference_url https://security.archlinux.org/AVG-2251
reference_id AVG-2251
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2251
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22241
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs8s-5gm5-m3hy
227
url VCID-qu4k-ch4z-quck
vulnerability_id VCID-qu4k-ch4z-quck
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2013
reference_id
reference_type
scores
0
value 0.00221
scoring_system epss
scoring_elements 0.44624
published_at 2026-04-24T12:55:00Z
1
value 0.00221
scoring_system epss
scoring_elements 0.44741
published_at 2026-04-09T12:55:00Z
2
value 0.00221
scoring_system epss
scoring_elements 0.44757
published_at 2026-04-11T12:55:00Z
3
value 0.00221
scoring_system epss
scoring_elements 0.44726
published_at 2026-04-12T12:55:00Z
4
value 0.00221
scoring_system epss
scoring_elements 0.44727
published_at 2026-04-13T12:55:00Z
5
value 0.00221
scoring_system epss
scoring_elements 0.44782
published_at 2026-04-16T12:55:00Z
6
value 0.00221
scoring_system epss
scoring_elements 0.44774
published_at 2026-04-18T12:55:00Z
7
value 0.00221
scoring_system epss
scoring_elements 0.44704
published_at 2026-04-21T12:55:00Z
8
value 0.00221
scoring_system epss
scoring_elements 0.44747
published_at 2026-04-04T12:55:00Z
9
value 0.00221
scoring_system epss
scoring_elements 0.44686
published_at 2026-04-07T12:55:00Z
10
value 0.00221
scoring_system epss
scoring_elements 0.44739
published_at 2026-04-08T12:55:00Z
11
value 0.0026
scoring_system epss
scoring_elements 0.49371
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2013
1
reference_url https://hackerone.com/reports/1940441
reference_id 1940441
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:50:51Z/
url https://hackerone.com/reports/1940441
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/406844
reference_id 406844
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:50:51Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/406844
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json
reference_id CVE-2023-2013.json
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:50:51Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2013
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qu4k-ch4z-quck
228
url VCID-qvb2-7kb6-9bfn
vulnerability_id VCID-qvb2-7kb6-9bfn
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3740
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.4013
published_at 2026-04-24T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40288
published_at 2026-04-12T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40269
published_at 2026-04-13T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40316
published_at 2026-04-16T12:55:00Z
4
value 0.00185
scoring_system epss
scoring_elements 0.40285
published_at 2026-04-18T12:55:00Z
5
value 0.00185
scoring_system epss
scoring_elements 0.40209
published_at 2026-04-21T12:55:00Z
6
value 0.00185
scoring_system epss
scoring_elements 0.40302
published_at 2026-04-02T12:55:00Z
7
value 0.00185
scoring_system epss
scoring_elements 0.40327
published_at 2026-04-04T12:55:00Z
8
value 0.00185
scoring_system epss
scoring_elements 0.40252
published_at 2026-04-07T12:55:00Z
9
value 0.00185
scoring_system epss
scoring_elements 0.40303
published_at 2026-04-08T12:55:00Z
10
value 0.00185
scoring_system epss
scoring_elements 0.40315
published_at 2026-04-09T12:55:00Z
11
value 0.00185
scoring_system epss
scoring_elements 0.40326
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3740
1
reference_url https://hackerone.com/reports/1602904
reference_id 1602904
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T15:03:08Z/
url https://hackerone.com/reports/1602904
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/368416
reference_id 368416
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T15:03:08Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/368416
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3740.json
reference_id CVE-2022-3740.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T15:03:08Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3740.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3740
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvb2-7kb6-9bfn
229
url VCID-qx9h-4txw-fkeg
vulnerability_id VCID-qx9h-4txw-fkeg
summary A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2931
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.52673
published_at 2026-04-02T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.52699
published_at 2026-04-04T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.52664
published_at 2026-04-07T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.52714
published_at 2026-04-08T12:55:00Z
4
value 0.00294
scoring_system epss
scoring_elements 0.52708
published_at 2026-04-09T12:55:00Z
5
value 0.00294
scoring_system epss
scoring_elements 0.52758
published_at 2026-04-11T12:55:00Z
6
value 0.0031
scoring_system epss
scoring_elements 0.54197
published_at 2026-04-12T12:55:00Z
7
value 0.0031
scoring_system epss
scoring_elements 0.54176
published_at 2026-04-13T12:55:00Z
8
value 0.0031
scoring_system epss
scoring_elements 0.54214
published_at 2026-04-16T12:55:00Z
9
value 0.0031
scoring_system epss
scoring_elements 0.54218
published_at 2026-04-18T12:55:00Z
10
value 0.0031
scoring_system epss
scoring_elements 0.54199
published_at 2026-04-21T12:55:00Z
11
value 0.0031
scoring_system epss
scoring_elements 0.54166
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2931
1
reference_url https://hackerone.com/reports/1543718
reference_id 1543718
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:25:23Z/
url https://hackerone.com/reports/1543718
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/361982
reference_id 361982
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:25:23Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/361982
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json
reference_id CVE-2022-2931.json
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:25:23Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2931
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qx9h-4txw-fkeg
230
url VCID-qxbn-nsyj-p3d4
vulnerability_id VCID-qxbn-nsyj-p3d4
summary Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3325
reference_id
reference_type
scores
0
value 0.00122
scoring_system epss
scoring_elements 0.31094
published_at 2026-04-24T12:55:00Z
1
value 0.00122
scoring_system epss
scoring_elements 0.31314
published_at 2026-04-16T12:55:00Z
2
value 0.00122
scoring_system epss
scoring_elements 0.31293
published_at 2026-04-18T12:55:00Z
3
value 0.00122
scoring_system epss
scoring_elements 0.31267
published_at 2026-04-21T12:55:00Z
4
value 0.00122
scoring_system epss
scoring_elements 0.31413
published_at 2026-04-02T12:55:00Z
5
value 0.00122
scoring_system epss
scoring_elements 0.31455
published_at 2026-04-04T12:55:00Z
6
value 0.00122
scoring_system epss
scoring_elements 0.31274
published_at 2026-04-07T12:55:00Z
7
value 0.00122
scoring_system epss
scoring_elements 0.31327
published_at 2026-04-08T12:55:00Z
8
value 0.00122
scoring_system epss
scoring_elements 0.31357
published_at 2026-04-09T12:55:00Z
9
value 0.00122
scoring_system epss
scoring_elements 0.31361
published_at 2026-04-11T12:55:00Z
10
value 0.00122
scoring_system epss
scoring_elements 0.31318
published_at 2026-04-12T12:55:00Z
11
value 0.00122
scoring_system epss
scoring_elements 0.31279
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3325
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/360819
reference_id 360819
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:36:08Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/360819
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3325.json
reference_id CVE-2022-3325.json
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:36:08Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3325.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3325
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxbn-nsyj-p3d4
231
url VCID-r1nb-5dxj-uker
vulnerability_id VCID-r1nb-5dxj-uker
summary Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22242
reference_id
reference_type
scores
0
value 0.02281
scoring_system epss
scoring_elements 0.84607
published_at 2026-04-01T12:55:00Z
1
value 0.02281
scoring_system epss
scoring_elements 0.84621
published_at 2026-04-02T12:55:00Z
2
value 0.02281
scoring_system epss
scoring_elements 0.84641
published_at 2026-04-04T12:55:00Z
3
value 0.02281
scoring_system epss
scoring_elements 0.84643
published_at 2026-04-07T12:55:00Z
4
value 0.02281
scoring_system epss
scoring_elements 0.84664
published_at 2026-04-08T12:55:00Z
5
value 0.02281
scoring_system epss
scoring_elements 0.84671
published_at 2026-04-09T12:55:00Z
6
value 0.02281
scoring_system epss
scoring_elements 0.84688
published_at 2026-04-11T12:55:00Z
7
value 0.02281
scoring_system epss
scoring_elements 0.84684
published_at 2026-04-12T12:55:00Z
8
value 0.02281
scoring_system epss
scoring_elements 0.84678
published_at 2026-04-13T12:55:00Z
9
value 0.02281
scoring_system epss
scoring_elements 0.847
published_at 2026-04-16T12:55:00Z
10
value 0.02281
scoring_system epss
scoring_elements 0.84701
published_at 2026-04-18T12:55:00Z
11
value 0.02281
scoring_system epss
scoring_elements 0.84702
published_at 2026-04-21T12:55:00Z
12
value 0.02281
scoring_system epss
scoring_elements 0.84729
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22242
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22242
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1nb-5dxj-uker
232
url VCID-r36y-zth9-2bbv
vulnerability_id VCID-r36y-zth9-2bbv
summary An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39911
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44427
published_at 2026-04-24T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.44459
published_at 2026-04-01T12:55:00Z
2
value 0.00219
scoring_system epss
scoring_elements 0.44528
published_at 2026-04-02T12:55:00Z
3
value 0.00219
scoring_system epss
scoring_elements 0.4455
published_at 2026-04-04T12:55:00Z
4
value 0.00219
scoring_system epss
scoring_elements 0.44488
published_at 2026-04-07T12:55:00Z
5
value 0.00219
scoring_system epss
scoring_elements 0.44539
published_at 2026-04-08T12:55:00Z
6
value 0.00219
scoring_system epss
scoring_elements 0.44544
published_at 2026-04-09T12:55:00Z
7
value 0.00219
scoring_system epss
scoring_elements 0.4456
published_at 2026-04-11T12:55:00Z
8
value 0.00219
scoring_system epss
scoring_elements 0.4453
published_at 2026-04-12T12:55:00Z
9
value 0.00219
scoring_system epss
scoring_elements 0.44532
published_at 2026-04-13T12:55:00Z
10
value 0.00219
scoring_system epss
scoring_elements 0.44587
published_at 2026-04-16T12:55:00Z
11
value 0.00219
scoring_system epss
scoring_elements 0.44579
published_at 2026-04-18T12:55:00Z
12
value 0.00219
scoring_system epss
scoring_elements 0.44509
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39911
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39911
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r36y-zth9-2bbv
233
url VCID-r471-k1sd-r3gw
vulnerability_id VCID-r471-k1sd-r3gw
summary An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0344
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53577
published_at 2026-04-01T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.536
published_at 2026-04-02T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.53628
published_at 2026-04-04T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.53597
published_at 2026-04-07T12:55:00Z
4
value 0.00304
scoring_system epss
scoring_elements 0.53649
published_at 2026-04-24T12:55:00Z
5
value 0.00304
scoring_system epss
scoring_elements 0.53647
published_at 2026-04-09T12:55:00Z
6
value 0.00304
scoring_system epss
scoring_elements 0.53696
published_at 2026-04-11T12:55:00Z
7
value 0.00304
scoring_system epss
scoring_elements 0.53679
published_at 2026-04-12T12:55:00Z
8
value 0.00304
scoring_system epss
scoring_elements 0.53662
published_at 2026-04-13T12:55:00Z
9
value 0.00304
scoring_system epss
scoring_elements 0.53699
published_at 2026-04-16T12:55:00Z
10
value 0.00304
scoring_system epss
scoring_elements 0.53704
published_at 2026-04-18T12:55:00Z
11
value 0.00304
scoring_system epss
scoring_elements 0.53687
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0344
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0344
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r471-k1sd-r3gw
234
url VCID-r985-r2et-jyha
vulnerability_id VCID-r985-r2et-jyha
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1821
reference_id
reference_type
scores
0
value 0.00196
scoring_system epss
scoring_elements 0.41501
published_at 2026-04-01T12:55:00Z
1
value 0.00196
scoring_system epss
scoring_elements 0.41591
published_at 2026-04-02T12:55:00Z
2
value 0.00196
scoring_system epss
scoring_elements 0.41619
published_at 2026-04-04T12:55:00Z
3
value 0.00196
scoring_system epss
scoring_elements 0.41546
published_at 2026-04-07T12:55:00Z
4
value 0.00196
scoring_system epss
scoring_elements 0.41596
published_at 2026-04-08T12:55:00Z
5
value 0.00196
scoring_system epss
scoring_elements 0.41606
published_at 2026-04-09T12:55:00Z
6
value 0.00196
scoring_system epss
scoring_elements 0.41627
published_at 2026-04-11T12:55:00Z
7
value 0.00196
scoring_system epss
scoring_elements 0.41595
published_at 2026-04-12T12:55:00Z
8
value 0.00196
scoring_system epss
scoring_elements 0.41581
published_at 2026-04-13T12:55:00Z
9
value 0.00196
scoring_system epss
scoring_elements 0.41628
published_at 2026-04-16T12:55:00Z
10
value 0.00196
scoring_system epss
scoring_elements 0.41602
published_at 2026-04-18T12:55:00Z
11
value 0.00196
scoring_system epss
scoring_elements 0.41526
published_at 2026-04-21T12:55:00Z
12
value 0.00196
scoring_system epss
scoring_elements 0.41419
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1821
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1821
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r985-r2et-jyha
235
url VCID-rc6v-b3x8-87bu
vulnerability_id VCID-rc6v-b3x8-87bu
summary An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1124
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.4777
published_at 2026-04-24T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47719
published_at 2026-04-01T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.47757
published_at 2026-04-02T12:55:00Z
3
value 0.00245
scoring_system epss
scoring_elements 0.47777
published_at 2026-04-12T12:55:00Z
4
value 0.00245
scoring_system epss
scoring_elements 0.47726
published_at 2026-04-07T12:55:00Z
5
value 0.00245
scoring_system epss
scoring_elements 0.4778
published_at 2026-04-08T12:55:00Z
6
value 0.00245
scoring_system epss
scoring_elements 0.47776
published_at 2026-04-09T12:55:00Z
7
value 0.00245
scoring_system epss
scoring_elements 0.47801
published_at 2026-04-11T12:55:00Z
8
value 0.00245
scoring_system epss
scoring_elements 0.47787
published_at 2026-04-21T12:55:00Z
9
value 0.00245
scoring_system epss
scoring_elements 0.47842
published_at 2026-04-16T12:55:00Z
10
value 0.00245
scoring_system epss
scoring_elements 0.47834
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1124
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1124
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rc6v-b3x8-87bu
236
url VCID-rs3w-urcr-5ug6
vulnerability_id VCID-rs3w-urcr-5ug6
summary An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2630
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48713
published_at 2026-04-02T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48739
published_at 2026-04-04T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.48693
published_at 2026-04-07T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.48748
published_at 2026-04-08T12:55:00Z
4
value 0.00254
scoring_system epss
scoring_elements 0.48744
published_at 2026-04-09T12:55:00Z
5
value 0.00254
scoring_system epss
scoring_elements 0.48762
published_at 2026-04-11T12:55:00Z
6
value 0.00268
scoring_system epss
scoring_elements 0.50297
published_at 2026-04-12T12:55:00Z
7
value 0.00268
scoring_system epss
scoring_elements 0.50286
published_at 2026-04-13T12:55:00Z
8
value 0.00268
scoring_system epss
scoring_elements 0.50331
published_at 2026-04-16T12:55:00Z
9
value 0.00268
scoring_system epss
scoring_elements 0.50332
published_at 2026-04-18T12:55:00Z
10
value 0.00268
scoring_system epss
scoring_elements 0.50306
published_at 2026-04-21T12:55:00Z
11
value 0.00268
scoring_system epss
scoring_elements 0.50281
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2630
1
reference_url https://hackerone.com/reports/1652853
reference_id 1652853
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:12:41Z/
url https://hackerone.com/reports/1652853
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/369429
reference_id 369429
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:12:41Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/369429
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2630.json
reference_id CVE-2022-2630.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:12:41Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2630.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2630
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rs3w-urcr-5ug6
237
url VCID-s1wb-a1dn-z7b2
vulnerability_id VCID-s1wb-a1dn-z7b2
summary An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0549
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.3192
published_at 2026-04-01T12:55:00Z
1
value 0.00126
scoring_system epss
scoring_elements 0.32047
published_at 2026-04-02T12:55:00Z
2
value 0.00126
scoring_system epss
scoring_elements 0.32088
published_at 2026-04-04T12:55:00Z
3
value 0.00126
scoring_system epss
scoring_elements 0.3191
published_at 2026-04-07T12:55:00Z
4
value 0.00126
scoring_system epss
scoring_elements 0.31963
published_at 2026-04-08T12:55:00Z
5
value 0.00126
scoring_system epss
scoring_elements 0.31991
published_at 2026-04-09T12:55:00Z
6
value 0.00126
scoring_system epss
scoring_elements 0.31995
published_at 2026-04-11T12:55:00Z
7
value 0.00126
scoring_system epss
scoring_elements 0.31955
published_at 2026-04-16T12:55:00Z
8
value 0.00126
scoring_system epss
scoring_elements 0.31921
published_at 2026-04-13T12:55:00Z
9
value 0.00126
scoring_system epss
scoring_elements 0.31934
published_at 2026-04-18T12:55:00Z
10
value 0.00126
scoring_system epss
scoring_elements 0.31906
published_at 2026-04-21T12:55:00Z
11
value 0.00126
scoring_system epss
scoring_elements 0.31737
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0549
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0549
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1wb-a1dn-z7b2
238
url VCID-s41d-jhp9-ckae
vulnerability_id VCID-s41d-jhp9-ckae
summary HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22232
reference_id
reference_type
scores
0
value 0.00128
scoring_system epss
scoring_elements 0.32002
published_at 2026-04-24T12:55:00Z
1
value 0.00128
scoring_system epss
scoring_elements 0.32175
published_at 2026-04-01T12:55:00Z
2
value 0.00128
scoring_system epss
scoring_elements 0.32308
published_at 2026-04-02T12:55:00Z
3
value 0.00128
scoring_system epss
scoring_elements 0.32347
published_at 2026-04-04T12:55:00Z
4
value 0.00128
scoring_system epss
scoring_elements 0.32171
published_at 2026-04-07T12:55:00Z
5
value 0.00128
scoring_system epss
scoring_elements 0.3222
published_at 2026-04-08T12:55:00Z
6
value 0.00128
scoring_system epss
scoring_elements 0.32247
published_at 2026-04-09T12:55:00Z
7
value 0.00128
scoring_system epss
scoring_elements 0.32248
published_at 2026-04-11T12:55:00Z
8
value 0.00128
scoring_system epss
scoring_elements 0.3221
published_at 2026-04-12T12:55:00Z
9
value 0.00128
scoring_system epss
scoring_elements 0.3218
published_at 2026-04-13T12:55:00Z
10
value 0.00128
scoring_system epss
scoring_elements 0.32213
published_at 2026-04-16T12:55:00Z
11
value 0.00128
scoring_system epss
scoring_elements 0.32193
published_at 2026-04-18T12:55:00Z
12
value 0.00128
scoring_system epss
scoring_elements 0.32164
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22232
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22232
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s41d-jhp9-ckae
239
url VCID-s4s1-xd1y-7khg
vulnerability_id VCID-s4s1-xd1y-7khg
summary An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2069
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50614
published_at 2026-04-24T12:55:00Z
1
value 0.00272
scoring_system epss
scoring_elements 0.50653
published_at 2026-04-12T12:55:00Z
2
value 0.00272
scoring_system epss
scoring_elements 0.50638
published_at 2026-04-13T12:55:00Z
3
value 0.00272
scoring_system epss
scoring_elements 0.50679
published_at 2026-04-16T12:55:00Z
4
value 0.00272
scoring_system epss
scoring_elements 0.50685
published_at 2026-04-18T12:55:00Z
5
value 0.00272
scoring_system epss
scoring_elements 0.50665
published_at 2026-04-21T12:55:00Z
6
value 0.00272
scoring_system epss
scoring_elements 0.50602
published_at 2026-04-02T12:55:00Z
7
value 0.00272
scoring_system epss
scoring_elements 0.50629
published_at 2026-04-04T12:55:00Z
8
value 0.00272
scoring_system epss
scoring_elements 0.50583
published_at 2026-04-07T12:55:00Z
9
value 0.00272
scoring_system epss
scoring_elements 0.50637
published_at 2026-04-08T12:55:00Z
10
value 0.00272
scoring_system epss
scoring_elements 0.50633
published_at 2026-04-09T12:55:00Z
11
value 0.00272
scoring_system epss
scoring_elements 0.50676
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2069
1
reference_url https://hackerone.com/reports/1939987
reference_id 1939987
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:29:57Z/
url https://hackerone.com/reports/1939987
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/407374
reference_id 407374
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:29:57Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/407374
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json
reference_id CVE-2023-2069.json
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:29:57Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2069
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4s1-xd1y-7khg
240
url VCID-s8ds-5b7r-gfed
vulnerability_id VCID-s8ds-5b7r-gfed
summary A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22213
reference_id
reference_type
scores
0
value 0.0096
scoring_system epss
scoring_elements 0.76534
published_at 2026-04-24T12:55:00Z
1
value 0.0096
scoring_system epss
scoring_elements 0.76409
published_at 2026-04-01T12:55:00Z
2
value 0.0096
scoring_system epss
scoring_elements 0.76412
published_at 2026-04-02T12:55:00Z
3
value 0.0096
scoring_system epss
scoring_elements 0.7644
published_at 2026-04-04T12:55:00Z
4
value 0.0096
scoring_system epss
scoring_elements 0.76422
published_at 2026-04-07T12:55:00Z
5
value 0.0096
scoring_system epss
scoring_elements 0.76454
published_at 2026-04-08T12:55:00Z
6
value 0.0096
scoring_system epss
scoring_elements 0.76468
published_at 2026-04-13T12:55:00Z
7
value 0.0096
scoring_system epss
scoring_elements 0.76494
published_at 2026-04-11T12:55:00Z
8
value 0.0096
scoring_system epss
scoring_elements 0.76472
published_at 2026-04-12T12:55:00Z
9
value 0.0096
scoring_system epss
scoring_elements 0.76508
published_at 2026-04-16T12:55:00Z
10
value 0.0096
scoring_system epss
scoring_elements 0.76512
published_at 2026-04-18T12:55:00Z
11
value 0.0096
scoring_system epss
scoring_elements 0.765
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22213
1
reference_url https://security.archlinux.org/ASA-202106-21
reference_id ASA-202106-21
reference_type
scores
url https://security.archlinux.org/ASA-202106-21
2
reference_url https://security.archlinux.org/AVG-2023
reference_id AVG-2023
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2023
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22213
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8ds-5b7r-gfed
241
url VCID-s8jp-pr6y-8qcz
vulnerability_id VCID-s8jp-pr6y-8qcz
summary An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4191
reference_id
reference_type
scores
0
value 0.9226
scoring_system epss
scoring_elements 0.99722
published_at 2026-04-21T12:55:00Z
1
value 0.9226
scoring_system epss
scoring_elements 0.99723
published_at 2026-04-24T12:55:00Z
2
value 0.9236
scoring_system epss
scoring_elements 0.99725
published_at 2026-04-04T12:55:00Z
3
value 0.9236
scoring_system epss
scoring_elements 0.99723
published_at 2026-04-01T12:55:00Z
4
value 0.9236
scoring_system epss
scoring_elements 0.99727
published_at 2026-04-18T12:55:00Z
5
value 0.9236
scoring_system epss
scoring_elements 0.99726
published_at 2026-04-13T12:55:00Z
6
value 0.9236
scoring_system epss
scoring_elements 0.99724
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4191
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-4191
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8jp-pr6y-8qcz
242
url VCID-sak7-sp6s-7ydh
vulnerability_id VCID-sak7-sp6s-7ydh
summary Lack of sandboxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user into clicking on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3726
reference_id
reference_type
scores
0
value 0.00334
scoring_system epss
scoring_elements 0.56134
published_at 2026-04-24T12:55:00Z
1
value 0.00334
scoring_system epss
scoring_elements 0.56224
published_at 2026-04-12T12:55:00Z
2
value 0.00334
scoring_system epss
scoring_elements 0.56207
published_at 2026-04-13T12:55:00Z
3
value 0.00334
scoring_system epss
scoring_elements 0.56239
published_at 2026-04-16T12:55:00Z
4
value 0.00334
scoring_system epss
scoring_elements 0.56241
published_at 2026-04-18T12:55:00Z
5
value 0.00334
scoring_system epss
scoring_elements 0.56209
published_at 2026-04-21T12:55:00Z
6
value 0.00334
scoring_system epss
scoring_elements 0.56181
published_at 2026-04-07T12:55:00Z
7
value 0.00334
scoring_system epss
scoring_elements 0.56201
published_at 2026-04-04T12:55:00Z
8
value 0.00334
scoring_system epss
scoring_elements 0.56232
published_at 2026-04-08T12:55:00Z
9
value 0.00334
scoring_system epss
scoring_elements 0.56238
published_at 2026-04-09T12:55:00Z
10
value 0.00334
scoring_system epss
scoring_elements 0.56248
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3726
1
reference_url https://hackerone.com/reports/1563383
reference_id 1563383
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:22:45Z/
url https://hackerone.com/reports/1563383
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/362509
reference_id 362509
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:22:45Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/362509
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3726.json
reference_id CVE-2022-3726.json
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:22:45Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3726.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3726
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sak7-sp6s-7ydh
243
url VCID-sam2-zgur-43be
vulnerability_id VCID-sam2-zgur-43be
summary An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4462
reference_id
reference_type
scores
0
value 0.00393
scoring_system epss
scoring_elements 0.6025
published_at 2026-04-24T12:55:00Z
1
value 0.00393
scoring_system epss
scoring_elements 0.60279
published_at 2026-04-21T12:55:00Z
2
value 0.00393
scoring_system epss
scoring_elements 0.60265
published_at 2026-04-12T12:55:00Z
3
value 0.00393
scoring_system epss
scoring_elements 0.60246
published_at 2026-04-13T12:55:00Z
4
value 0.00393
scoring_system epss
scoring_elements 0.60286
published_at 2026-04-16T12:55:00Z
5
value 0.00393
scoring_system epss
scoring_elements 0.60293
published_at 2026-04-18T12:55:00Z
6
value 0.00393
scoring_system epss
scoring_elements 0.602
published_at 2026-04-02T12:55:00Z
7
value 0.00393
scoring_system epss
scoring_elements 0.60226
published_at 2026-04-04T12:55:00Z
8
value 0.00393
scoring_system epss
scoring_elements 0.60194
published_at 2026-04-07T12:55:00Z
9
value 0.00393
scoring_system epss
scoring_elements 0.60244
published_at 2026-04-08T12:55:00Z
10
value 0.00393
scoring_system epss
scoring_elements 0.60258
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4462
1
reference_url https://hackerone.com/reports/1796210
reference_id 1796210
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:27:03Z/
url https://hackerone.com/reports/1796210
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/385669
reference_id 385669
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:27:03Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/385669
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4462.json
reference_id CVE-2022-4462.json
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:27:03Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4462.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4462
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sam2-zgur-43be
244
url VCID-spnw-xhvg-8khn
vulnerability_id VCID-spnw-xhvg-8khn
summary An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0223
reference_id
reference_type
scores
0
value 0.02694
scoring_system epss
scoring_elements 0.85905
published_at 2026-04-24T12:55:00Z
1
value 0.02694
scoring_system epss
scoring_elements 0.85872
published_at 2026-04-12T12:55:00Z
2
value 0.02694
scoring_system epss
scoring_elements 0.85868
published_at 2026-04-13T12:55:00Z
3
value 0.02694
scoring_system epss
scoring_elements 0.85887
published_at 2026-04-16T12:55:00Z
4
value 0.02694
scoring_system epss
scoring_elements 0.85891
published_at 2026-04-18T12:55:00Z
5
value 0.02694
scoring_system epss
scoring_elements 0.85883
published_at 2026-04-21T12:55:00Z
6
value 0.02694
scoring_system epss
scoring_elements 0.8581
published_at 2026-04-02T12:55:00Z
7
value 0.02694
scoring_system epss
scoring_elements 0.85828
published_at 2026-04-04T12:55:00Z
8
value 0.02694
scoring_system epss
scoring_elements 0.85832
published_at 2026-04-07T12:55:00Z
9
value 0.02694
scoring_system epss
scoring_elements 0.8585
published_at 2026-04-08T12:55:00Z
10
value 0.02694
scoring_system epss
scoring_elements 0.85861
published_at 2026-04-09T12:55:00Z
11
value 0.02694
scoring_system epss
scoring_elements 0.85875
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0223
1
reference_url https://hackerone.com/reports/1824226
reference_id 1824226
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:29:30Z/
url https://hackerone.com/reports/1824226
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/387870
reference_id 387870
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:29:30Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/387870
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0223.json
reference_id CVE-2023-0223.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:29:30Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0223.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0223
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-spnw-xhvg-8khn
245
url VCID-squm-zf6h-1udv
vulnerability_id VCID-squm-zf6h-1udv
summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3031
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.40214
published_at 2026-04-08T12:55:00Z
1
value 0.00184
scoring_system epss
scoring_elements 0.40239
published_at 2026-04-04T12:55:00Z
2
value 0.00184
scoring_system epss
scoring_elements 0.40161
published_at 2026-04-07T12:55:00Z
3
value 0.00184
scoring_system epss
scoring_elements 0.40225
published_at 2026-04-09T12:55:00Z
4
value 0.00184
scoring_system epss
scoring_elements 0.40237
published_at 2026-04-11T12:55:00Z
5
value 0.00195
scoring_system epss
scoring_elements 0.41399
published_at 2026-04-13T12:55:00Z
6
value 0.00195
scoring_system epss
scoring_elements 0.41442
published_at 2026-04-16T12:55:00Z
7
value 0.00195
scoring_system epss
scoring_elements 0.41341
published_at 2026-04-21T12:55:00Z
8
value 0.00195
scoring_system epss
scoring_elements 0.41232
published_at 2026-04-24T12:55:00Z
9
value 0.00195
scoring_system epss
scoring_elements 0.41414
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3031
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/340395
reference_id 340395
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:20:40Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/340395
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3031.json
reference_id CVE-2022-3031.json
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:20:40Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3031.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3031
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-squm-zf6h-1udv
246
url VCID-sr1f-3k9z-qfae
vulnerability_id VCID-sr1f-3k9z-qfae
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4342
reference_id
reference_type
scores
0
value 0.01599
scoring_system epss
scoring_elements 0.81659
published_at 2026-04-04T12:55:00Z
1
value 0.01599
scoring_system epss
scoring_elements 0.81637
published_at 2026-04-02T12:55:00Z
2
value 0.02337
scoring_system epss
scoring_elements 0.84895
published_at 2026-04-24T12:55:00Z
3
value 0.02337
scoring_system epss
scoring_elements 0.84858
published_at 2026-04-11T12:55:00Z
4
value 0.02337
scoring_system epss
scoring_elements 0.84854
published_at 2026-04-12T12:55:00Z
5
value 0.02337
scoring_system epss
scoring_elements 0.84849
published_at 2026-04-13T12:55:00Z
6
value 0.02337
scoring_system epss
scoring_elements 0.8487
published_at 2026-04-16T12:55:00Z
7
value 0.02337
scoring_system epss
scoring_elements 0.84871
published_at 2026-04-18T12:55:00Z
8
value 0.02337
scoring_system epss
scoring_elements 0.84868
published_at 2026-04-21T12:55:00Z
9
value 0.02337
scoring_system epss
scoring_elements 0.8481
published_at 2026-04-07T12:55:00Z
10
value 0.02337
scoring_system epss
scoring_elements 0.84833
published_at 2026-04-08T12:55:00Z
11
value 0.02337
scoring_system epss
scoring_elements 0.84839
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4342
1
reference_url https://hackerone.com/reports/1791331
reference_id 1791331
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:41:54Z/
url https://hackerone.com/reports/1791331
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/385118
reference_id 385118
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:41:54Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/385118
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4342.json
reference_id CVE-2022-4342.json
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:41:54Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4342.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4342
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sr1f-3k9z-qfae
247
url VCID-ss7h-4jqj-rycp
vulnerability_id VCID-ss7h-4jqj-rycp
summary The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22258
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50853
published_at 2026-04-24T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.50782
published_at 2026-04-01T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50838
published_at 2026-04-02T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50864
published_at 2026-04-04T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50821
published_at 2026-04-07T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50878
published_at 2026-04-08T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50876
published_at 2026-04-09T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50918
published_at 2026-04-16T12:55:00Z
8
value 0.00274
scoring_system epss
scoring_elements 0.50896
published_at 2026-04-12T12:55:00Z
9
value 0.00274
scoring_system epss
scoring_elements 0.5088
published_at 2026-04-13T12:55:00Z
10
value 0.00274
scoring_system epss
scoring_elements 0.50924
published_at 2026-04-18T12:55:00Z
11
value 0.00274
scoring_system epss
scoring_elements 0.50904
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22258
1
reference_url https://security.archlinux.org/AVG-2335
reference_id AVG-2335
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2335
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22258
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ss7h-4jqj-rycp
248
url VCID-su7x-v5ud-bffh
vulnerability_id VCID-su7x-v5ud-bffh
summary An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2761
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.51398
published_at 2026-04-24T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.51429
published_at 2026-04-12T12:55:00Z
2
value 0.0028
scoring_system epss
scoring_elements 0.51416
published_at 2026-04-13T12:55:00Z
3
value 0.0028
scoring_system epss
scoring_elements 0.51458
published_at 2026-04-16T12:55:00Z
4
value 0.0028
scoring_system epss
scoring_elements 0.51466
published_at 2026-04-18T12:55:00Z
5
value 0.0028
scoring_system epss
scoring_elements 0.51446
published_at 2026-04-21T12:55:00Z
6
value 0.0028
scoring_system epss
scoring_elements 0.5137
published_at 2026-04-02T12:55:00Z
7
value 0.0028
scoring_system epss
scoring_elements 0.51397
published_at 2026-04-04T12:55:00Z
8
value 0.0028
scoring_system epss
scoring_elements 0.51356
published_at 2026-04-07T12:55:00Z
9
value 0.0028
scoring_system epss
scoring_elements 0.5141
published_at 2026-04-08T12:55:00Z
10
value 0.0028
scoring_system epss
scoring_elements 0.51408
published_at 2026-04-09T12:55:00Z
11
value 0.0028
scoring_system epss
scoring_elements 0.51451
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2761
1
reference_url https://hackerone.com/reports/1653149
reference_id 1653149
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:35:28Z/
url https://hackerone.com/reports/1653149
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/370458
reference_id 370458
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:35:28Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/370458
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2761.json
reference_id CVE-2022-2761.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:35:28Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2761.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2761
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-su7x-v5ud-bffh
249
url VCID-su9x-jz8t-h7bt
vulnerability_id VCID-su9x-jz8t-h7bt
summary Permission rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7, allowing users to read confidential Epic references.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39886
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33024
published_at 2026-04-24T12:55:00Z
1
value 0.00135
scoring_system epss
scoring_elements 0.3318
published_at 2026-04-01T12:55:00Z
2
value 0.00135
scoring_system epss
scoring_elements 0.33308
published_at 2026-04-02T12:55:00Z
3
value 0.00135
scoring_system epss
scoring_elements 0.3334
published_at 2026-04-04T12:55:00Z
4
value 0.00135
scoring_system epss
scoring_elements 0.33173
published_at 2026-04-07T12:55:00Z
5
value 0.00135
scoring_system epss
scoring_elements 0.33216
published_at 2026-04-08T12:55:00Z
6
value 0.00135
scoring_system epss
scoring_elements 0.3325
published_at 2026-04-09T12:55:00Z
7
value 0.00135
scoring_system epss
scoring_elements 0.33254
published_at 2026-04-11T12:55:00Z
8
value 0.00135
scoring_system epss
scoring_elements 0.33213
published_at 2026-04-12T12:55:00Z
9
value 0.00135
scoring_system epss
scoring_elements 0.33189
published_at 2026-04-13T12:55:00Z
10
value 0.00135
scoring_system epss
scoring_elements 0.3323
published_at 2026-04-16T12:55:00Z
11
value 0.00135
scoring_system epss
scoring_elements 0.33207
published_at 2026-04-18T12:55:00Z
12
value 0.00135
scoring_system epss
scoring_elements 0.33171
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39886
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39886
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-su9x-jz8t-h7bt
250
url VCID-sxfm-yjar-r3gy
vulnerability_id VCID-sxfm-yjar-r3gy
summary A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF image, it was possible to trigger memory exhaustion.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39912
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48094
published_at 2026-04-24T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-01T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48082
published_at 2026-04-02T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48103
published_at 2026-04-04T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48053
published_at 2026-04-07T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48106
published_at 2026-04-08T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.48101
published_at 2026-04-09T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48124
published_at 2026-04-11T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48099
published_at 2026-04-12T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48111
published_at 2026-04-13T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48163
published_at 2026-04-16T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.48158
published_at 2026-04-18T12:55:00Z
12
value 0.00248
scoring_system epss
scoring_elements 0.48113
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39912
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39912
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sxfm-yjar-r3gy
251
url VCID-sy1x-7vmv-ykh7
vulnerability_id VCID-sy1x-7vmv-ykh7
summary A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2865
reference_id
reference_type
scores
0
value 0.00441
scoring_system epss
scoring_elements 0.63214
published_at 2026-04-02T12:55:00Z
1
value 0.00441
scoring_system epss
scoring_elements 0.63243
published_at 2026-04-04T12:55:00Z
2
value 0.00441
scoring_system epss
scoring_elements 0.63209
published_at 2026-04-07T12:55:00Z
3
value 0.00441
scoring_system epss
scoring_elements 0.6326
published_at 2026-04-08T12:55:00Z
4
value 0.00441
scoring_system epss
scoring_elements 0.63278
published_at 2026-04-09T12:55:00Z
5
value 0.00441
scoring_system epss
scoring_elements 0.63295
published_at 2026-04-11T12:55:00Z
6
value 0.00465
scoring_system epss
scoring_elements 0.64402
published_at 2026-04-12T12:55:00Z
7
value 0.00465
scoring_system epss
scoring_elements 0.64373
published_at 2026-04-13T12:55:00Z
8
value 0.00465
scoring_system epss
scoring_elements 0.64409
published_at 2026-04-16T12:55:00Z
9
value 0.00465
scoring_system epss
scoring_elements 0.64421
published_at 2026-04-18T12:55:00Z
10
value 0.00465
scoring_system epss
scoring_elements 0.64412
published_at 2026-04-21T12:55:00Z
11
value 0.00465
scoring_system epss
scoring_elements 0.64433
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2865
1
reference_url https://hackerone.com/reports/1665658
reference_id 1665658
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:56:48Z/
url https://hackerone.com/reports/1665658
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/370873
reference_id 370873
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:56:48Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/370873
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json
reference_id CVE-2022-2865.json
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:56:48Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2865
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sy1x-7vmv-ykh7
252
url VCID-t1kx-cv1c-9ycs
vulnerability_id VCID-t1kx-cv1c-9ycs
summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2001
reference_id
reference_type
scores
0
value 0.00445
scoring_system epss
scoring_elements 0.63473
published_at 2026-04-24T12:55:00Z
1
value 0.00445
scoring_system epss
scoring_elements 0.63445
published_at 2026-04-08T12:55:00Z
2
value 0.00445
scoring_system epss
scoring_elements 0.63463
published_at 2026-04-09T12:55:00Z
3
value 0.00445
scoring_system epss
scoring_elements 0.6348
published_at 2026-04-11T12:55:00Z
4
value 0.00445
scoring_system epss
scoring_elements 0.63464
published_at 2026-04-12T12:55:00Z
5
value 0.00445
scoring_system epss
scoring_elements 0.63462
published_at 2026-04-16T12:55:00Z
6
value 0.00445
scoring_system epss
scoring_elements 0.63469
published_at 2026-04-18T12:55:00Z
7
value 0.00445
scoring_system epss
scoring_elements 0.63455
published_at 2026-04-21T12:55:00Z
8
value 0.00445
scoring_system epss
scoring_elements 0.63428
published_at 2026-04-13T12:55:00Z
9
value 0.00445
scoring_system epss
scoring_elements 0.63394
published_at 2026-04-07T12:55:00Z
10
value 0.00524
scoring_system epss
scoring_elements 0.66913
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2001
1
reference_url https://hackerone.com/reports/1908423
reference_id 1908423
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:54:01Z/
url https://hackerone.com/reports/1908423
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/406764
reference_id 406764
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:54:01Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/406764
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json
reference_id CVE-2023-2001.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:54:01Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2001
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1kx-cv1c-9ycs
253
url VCID-t5qj-bzm5-5qhe
vulnerability_id VCID-t5qj-bzm5-5qhe
summary An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allows a user to maintain limited access after their password expired.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22221
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40578
published_at 2026-04-24T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.40679
published_at 2026-04-01T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40763
published_at 2026-04-02T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.4079
published_at 2026-04-11T12:55:00Z
4
value 0.00189
scoring_system epss
scoring_elements 0.40714
published_at 2026-04-07T12:55:00Z
5
value 0.00189
scoring_system epss
scoring_elements 0.40764
published_at 2026-04-08T12:55:00Z
6
value 0.00189
scoring_system epss
scoring_elements 0.40771
published_at 2026-04-09T12:55:00Z
7
value 0.00189
scoring_system epss
scoring_elements 0.40756
published_at 2026-04-12T12:55:00Z
8
value 0.00189
scoring_system epss
scoring_elements 0.40737
published_at 2026-04-13T12:55:00Z
9
value 0.00189
scoring_system epss
scoring_elements 0.40781
published_at 2026-04-16T12:55:00Z
10
value 0.00189
scoring_system epss
scoring_elements 0.40752
published_at 2026-04-18T12:55:00Z
11
value 0.00189
scoring_system epss
scoring_elements 0.40674
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22221
1
reference_url https://security.archlinux.org/ASA-202106-21
reference_id ASA-202106-21
reference_type
scores
url https://security.archlinux.org/ASA-202106-21
2
reference_url https://security.archlinux.org/AVG-2023
reference_id AVG-2023
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2023
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22221
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5qj-bzm5-5qhe
254
url VCID-t7k8-c1ft-83ea
vulnerability_id VCID-t7k8-c1ft-83ea
summary An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group, due to incorrect handling of a file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0244
reference_id
reference_type
scores
0
value 0.00286
scoring_system epss
scoring_elements 0.51946
published_at 2026-04-01T12:55:00Z
1
value 0.00286
scoring_system epss
scoring_elements 0.51993
published_at 2026-04-02T12:55:00Z
2
value 0.00286
scoring_system epss
scoring_elements 0.5202
published_at 2026-04-04T12:55:00Z
3
value 0.00286
scoring_system epss
scoring_elements 0.51986
published_at 2026-04-07T12:55:00Z
4
value 0.00286
scoring_system epss
scoring_elements 0.5204
published_at 2026-04-08T12:55:00Z
5
value 0.00286
scoring_system epss
scoring_elements 0.52038
published_at 2026-04-09T12:55:00Z
6
value 0.00286
scoring_system epss
scoring_elements 0.5209
published_at 2026-04-11T12:55:00Z
7
value 0.00286
scoring_system epss
scoring_elements 0.52073
published_at 2026-04-12T12:55:00Z
8
value 0.00286
scoring_system epss
scoring_elements 0.52055
published_at 2026-04-13T12:55:00Z
9
value 0.00286
scoring_system epss
scoring_elements 0.52095
published_at 2026-04-16T12:55:00Z
10
value 0.00286
scoring_system epss
scoring_elements 0.52101
published_at 2026-04-18T12:55:00Z
11
value 0.00286
scoring_system epss
scoring_elements 0.52083
published_at 2026-04-21T12:55:00Z
12
value 0.00286
scoring_system epss
scoring_elements 0.5203
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0244
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0244
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t7k8-c1ft-83ea
255
url VCID-t8nq-hx26-kfc7
vulnerability_id VCID-t8nq-hx26-kfc7
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39935
reference_id
reference_type
scores
0
value 0.41434
scoring_system epss
scoring_elements 0.97378
published_at 2026-04-01T12:55:00Z
1
value 0.41434
scoring_system epss
scoring_elements 0.97389
published_at 2026-04-04T12:55:00Z
2
value 0.41434
scoring_system epss
scoring_elements 0.97391
published_at 2026-04-07T12:55:00Z
3
value 0.41434
scoring_system epss
scoring_elements 0.97397
published_at 2026-04-08T12:55:00Z
4
value 0.41434
scoring_system epss
scoring_elements 0.97398
published_at 2026-04-09T12:55:00Z
5
value 0.41434
scoring_system epss
scoring_elements 0.974
published_at 2026-04-11T12:55:00Z
6
value 0.41434
scoring_system epss
scoring_elements 0.97401
published_at 2026-04-12T12:55:00Z
7
value 0.41434
scoring_system epss
scoring_elements 0.97402
published_at 2026-04-13T12:55:00Z
8
value 0.41434
scoring_system epss
scoring_elements 0.9741
published_at 2026-04-16T12:55:00Z
9
value 0.41434
scoring_system epss
scoring_elements 0.97413
published_at 2026-04-18T12:55:00Z
10
value 0.41434
scoring_system epss
scoring_elements 0.97384
published_at 2026-04-02T12:55:00Z
11
value 0.58412
scoring_system epss
scoring_elements 0.98206
published_at 2026-04-21T12:55:00Z
12
value 0.58412
scoring_system epss
scoring_elements 0.98208
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39935
1
reference_url https://hackerone.com/reports/1236965
reference_id 1236965
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:23:46Z/
url https://hackerone.com/reports/1236965
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/346187
reference_id 346187
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:23:46Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/346187
3
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
4
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
5
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json
reference_id CVE-2021-39935.json
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:23:46Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39935
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8nq-hx26-kfc7
256
url VCID-tb8y-54tw-nkb2
vulnerability_id VCID-tb8y-54tw-nkb2
summary A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22179
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54046
published_at 2026-04-01T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54063
published_at 2026-04-02T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54092
published_at 2026-04-04T12:55:00Z
3
value 0.0031
scoring_system epss
scoring_elements 0.54066
published_at 2026-04-07T12:55:00Z
4
value 0.0031
scoring_system epss
scoring_elements 0.54117
published_at 2026-04-08T12:55:00Z
5
value 0.0031
scoring_system epss
scoring_elements 0.54115
published_at 2026-04-24T12:55:00Z
6
value 0.0031
scoring_system epss
scoring_elements 0.54165
published_at 2026-04-16T12:55:00Z
7
value 0.0031
scoring_system epss
scoring_elements 0.54147
published_at 2026-04-12T12:55:00Z
8
value 0.0031
scoring_system epss
scoring_elements 0.54126
published_at 2026-04-13T12:55:00Z
9
value 0.0031
scoring_system epss
scoring_elements 0.54169
published_at 2026-04-18T12:55:00Z
10
value 0.0031
scoring_system epss
scoring_elements 0.5415
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22179
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22179
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tb8y-54tw-nkb2
257
url VCID-tfat-25ty-rfgj
vulnerability_id VCID-tfat-25ty-rfgj
summary An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22238
reference_id
reference_type
scores
0
value 0.01196
scoring_system epss
scoring_elements 0.78937
published_at 2026-04-24T12:55:00Z
1
value 0.01196
scoring_system epss
scoring_elements 0.78838
published_at 2026-04-01T12:55:00Z
2
value 0.01196
scoring_system epss
scoring_elements 0.78844
published_at 2026-04-02T12:55:00Z
3
value 0.01196
scoring_system epss
scoring_elements 0.78873
published_at 2026-04-04T12:55:00Z
4
value 0.01196
scoring_system epss
scoring_elements 0.78855
published_at 2026-04-07T12:55:00Z
5
value 0.01196
scoring_system epss
scoring_elements 0.7888
published_at 2026-04-08T12:55:00Z
6
value 0.01196
scoring_system epss
scoring_elements 0.78887
published_at 2026-04-09T12:55:00Z
7
value 0.01196
scoring_system epss
scoring_elements 0.7891
published_at 2026-04-11T12:55:00Z
8
value 0.01196
scoring_system epss
scoring_elements 0.78894
published_at 2026-04-12T12:55:00Z
9
value 0.01196
scoring_system epss
scoring_elements 0.78885
published_at 2026-04-13T12:55:00Z
10
value 0.01196
scoring_system epss
scoring_elements 0.78913
published_at 2026-04-16T12:55:00Z
11
value 0.01196
scoring_system epss
scoring_elements 0.78911
published_at 2026-04-18T12:55:00Z
12
value 0.01196
scoring_system epss
scoring_elements 0.78908
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22238
1
reference_url https://security.archlinux.org/AVG-2335
reference_id AVG-2335
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2335
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22238
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfat-25ty-rfgj
258
url VCID-tgce-yndb-zqa8
vulnerability_id VCID-tgce-yndb-zqa8
summary An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1178
reference_id
reference_type
scores
0
value 0.03553
scoring_system epss
scoring_elements 0.87725
published_at 2026-04-24T12:55:00Z
1
value 0.03553
scoring_system epss
scoring_elements 0.87705
published_at 2026-04-11T12:55:00Z
2
value 0.03553
scoring_system epss
scoring_elements 0.87698
published_at 2026-04-12T12:55:00Z
3
value 0.03553
scoring_system epss
scoring_elements 0.87696
published_at 2026-04-13T12:55:00Z
4
value 0.03553
scoring_system epss
scoring_elements 0.87711
published_at 2026-04-18T12:55:00Z
5
value 0.03553
scoring_system epss
scoring_elements 0.87708
published_at 2026-04-21T12:55:00Z
6
value 0.03553
scoring_system epss
scoring_elements 0.87653
published_at 2026-04-02T12:55:00Z
7
value 0.03553
scoring_system epss
scoring_elements 0.87665
published_at 2026-04-04T12:55:00Z
8
value 0.03553
scoring_system epss
scoring_elements 0.87666
published_at 2026-04-07T12:55:00Z
9
value 0.03553
scoring_system epss
scoring_elements 0.87687
published_at 2026-04-08T12:55:00Z
10
value 0.03553
scoring_system epss
scoring_elements 0.87694
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1178
1
reference_url https://hackerone.com/reports/1778009
reference_id 1778009
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:32:24Z/
url https://hackerone.com/reports/1778009
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/381815
reference_id 381815
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:32:24Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/381815
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json
reference_id CVE-2023-1178.json
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:32:24Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1178
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgce-yndb-zqa8
259
url VCID-tk7s-v2w6-ukhr
vulnerability_id VCID-tk7s-v2w6-ukhr
summary An unauthorized user was able to insert metadata when creating a new issue on GitLab CE/EE 14.0 and later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22239
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37239
published_at 2026-04-24T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37411
published_at 2026-04-01T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37577
published_at 2026-04-02T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37601
published_at 2026-04-04T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37478
published_at 2026-04-07T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.37529
published_at 2026-04-08T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37542
published_at 2026-04-16T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.37556
published_at 2026-04-11T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.37521
published_at 2026-04-12T12:55:00Z
9
value 0.00165
scoring_system epss
scoring_elements 0.37495
published_at 2026-04-13T12:55:00Z
10
value 0.00165
scoring_system epss
scoring_elements 0.37523
published_at 2026-04-18T12:55:00Z
11
value 0.00165
scoring_system epss
scoring_elements 0.37459
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22239
1
reference_url https://security.archlinux.org/ASA-202108-7
reference_id ASA-202108-7
reference_type
scores
url https://security.archlinux.org/ASA-202108-7
2
reference_url https://security.archlinux.org/AVG-2251
reference_id AVG-2251
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2251
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22239
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tk7s-v2w6-ukhr
260
url VCID-tktz-65eb-aqh1
vulnerability_id VCID-tktz-65eb-aqh1
summary An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab's Slack integration incorrectly validates user input and allows crafting malicious URLs that are sent to Slack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0124
reference_id
reference_type
scores
0
value 0.00269
scoring_system epss
scoring_elements 0.5029
published_at 2026-04-01T12:55:00Z
1
value 0.00269
scoring_system epss
scoring_elements 0.50346
published_at 2026-04-02T12:55:00Z
2
value 0.00269
scoring_system epss
scoring_elements 0.50375
published_at 2026-04-13T12:55:00Z
3
value 0.00269
scoring_system epss
scoring_elements 0.50325
published_at 2026-04-07T12:55:00Z
4
value 0.00269
scoring_system epss
scoring_elements 0.50378
published_at 2026-04-08T12:55:00Z
5
value 0.00269
scoring_system epss
scoring_elements 0.50371
published_at 2026-04-09T12:55:00Z
6
value 0.00269
scoring_system epss
scoring_elements 0.50413
published_at 2026-04-11T12:55:00Z
7
value 0.00269
scoring_system epss
scoring_elements 0.5039
published_at 2026-04-12T12:55:00Z
8
value 0.00269
scoring_system epss
scoring_elements 0.5042
published_at 2026-04-16T12:55:00Z
9
value 0.00269
scoring_system epss
scoring_elements 0.50424
published_at 2026-04-18T12:55:00Z
10
value 0.00269
scoring_system epss
scoring_elements 0.50401
published_at 2026-04-21T12:55:00Z
11
value 0.00269
scoring_system epss
scoring_elements 0.50347
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0124
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0124
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tktz-65eb-aqh1
261
url VCID-tuxq-42yv-2qd2
vulnerability_id VCID-tuxq-42yv-2qd2
summary An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22263
reference_id
reference_type
scores
0
value 0.00205
scoring_system epss
scoring_elements 0.42613
published_at 2026-04-01T12:55:00Z
1
value 0.00205
scoring_system epss
scoring_elements 0.42683
published_at 2026-04-02T12:55:00Z
2
value 0.00205
scoring_system epss
scoring_elements 0.42711
published_at 2026-04-04T12:55:00Z
3
value 0.00205
scoring_system epss
scoring_elements 0.42652
published_at 2026-04-07T12:55:00Z
4
value 0.00205
scoring_system epss
scoring_elements 0.42703
published_at 2026-04-08T12:55:00Z
5
value 0.00205
scoring_system epss
scoring_elements 0.42715
published_at 2026-04-09T12:55:00Z
6
value 0.00205
scoring_system epss
scoring_elements 0.42738
published_at 2026-04-11T12:55:00Z
7
value 0.00205
scoring_system epss
scoring_elements 0.42702
published_at 2026-04-12T12:55:00Z
8
value 0.00205
scoring_system epss
scoring_elements 0.42685
published_at 2026-04-13T12:55:00Z
9
value 0.00205
scoring_system epss
scoring_elements 0.42746
published_at 2026-04-16T12:55:00Z
10
value 0.00205
scoring_system epss
scoring_elements 0.42735
published_at 2026-04-18T12:55:00Z
11
value 0.00205
scoring_system epss
scoring_elements 0.42671
published_at 2026-04-21T12:55:00Z
12
value 0.00205
scoring_system epss
scoring_elements 0.42595
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22263
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22263
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tuxq-42yv-2qd2
262
url VCID-tv9d-9wvu-rfdg
vulnerability_id VCID-tv9d-9wvu-rfdg
summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2303
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37885
published_at 2026-04-24T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.38229
published_at 2026-04-02T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.38252
published_at 2026-04-04T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.38122
published_at 2026-04-07T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.38172
published_at 2026-04-08T12:55:00Z
5
value 0.00169
scoring_system epss
scoring_elements 0.3818
published_at 2026-04-09T12:55:00Z
6
value 0.00169
scoring_system epss
scoring_elements 0.38198
published_at 2026-04-11T12:55:00Z
7
value 0.00169
scoring_system epss
scoring_elements 0.38163
published_at 2026-04-12T12:55:00Z
8
value 0.00169
scoring_system epss
scoring_elements 0.38139
published_at 2026-04-13T12:55:00Z
9
value 0.00169
scoring_system epss
scoring_elements 0.38184
published_at 2026-04-16T12:55:00Z
10
value 0.00169
scoring_system epss
scoring_elements 0.38166
published_at 2026-04-18T12:55:00Z
11
value 0.00169
scoring_system epss
scoring_elements 0.38101
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2303
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2303
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tv9d-9wvu-rfdg
263
url VCID-twzs-xkgr-sqea
vulnerability_id VCID-twzs-xkgr-sqea
summary An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in GitLab were readable by an unauthorised user via branch logs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22188
reference_id
reference_type
scores
0
value 0.00327
scoring_system epss
scoring_elements 0.55487
published_at 2026-04-01T12:55:00Z
1
value 0.00327
scoring_system epss
scoring_elements 0.55598
published_at 2026-04-02T12:55:00Z
2
value 0.00327
scoring_system epss
scoring_elements 0.55622
published_at 2026-04-04T12:55:00Z
3
value 0.00327
scoring_system epss
scoring_elements 0.556
published_at 2026-04-07T12:55:00Z
4
value 0.00327
scoring_system epss
scoring_elements 0.55651
published_at 2026-04-08T12:55:00Z
5
value 0.00327
scoring_system epss
scoring_elements 0.55655
published_at 2026-04-09T12:55:00Z
6
value 0.00327
scoring_system epss
scoring_elements 0.55664
published_at 2026-04-11T12:55:00Z
7
value 0.00327
scoring_system epss
scoring_elements 0.55644
published_at 2026-04-12T12:55:00Z
8
value 0.00327
scoring_system epss
scoring_elements 0.55627
published_at 2026-04-13T12:55:00Z
9
value 0.00327
scoring_system epss
scoring_elements 0.55666
published_at 2026-04-16T12:55:00Z
10
value 0.00327
scoring_system epss
scoring_elements 0.55669
published_at 2026-04-18T12:55:00Z
11
value 0.00327
scoring_system epss
scoring_elements 0.55649
published_at 2026-04-21T12:55:00Z
12
value 0.00327
scoring_system epss
scoring_elements 0.55576
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22188
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22188
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twzs-xkgr-sqea
264
url VCID-tzw9-uffa-9ycy
vulnerability_id VCID-tzw9-uffa-9ycy
summary Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2417
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35153
published_at 2026-04-24T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.3549
published_at 2026-04-02T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35515
published_at 2026-04-04T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35398
published_at 2026-04-07T12:55:00Z
4
value 0.00149
scoring_system epss
scoring_elements 0.35444
published_at 2026-04-08T12:55:00Z
5
value 0.00149
scoring_system epss
scoring_elements 0.35468
published_at 2026-04-09T12:55:00Z
6
value 0.00149
scoring_system epss
scoring_elements 0.35478
published_at 2026-04-11T12:55:00Z
7
value 0.00149
scoring_system epss
scoring_elements 0.35435
published_at 2026-04-12T12:55:00Z
8
value 0.00149
scoring_system epss
scoring_elements 0.35411
published_at 2026-04-13T12:55:00Z
9
value 0.00149
scoring_system epss
scoring_elements 0.35452
published_at 2026-04-16T12:55:00Z
10
value 0.00149
scoring_system epss
scoring_elements 0.3544
published_at 2026-04-18T12:55:00Z
11
value 0.00149
scoring_system epss
scoring_elements 0.35387
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2417
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2417
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzw9-uffa-9ycy
265
url VCID-u4sr-c5ew-3qbc
vulnerability_id VCID-u4sr-c5ew-3qbc
summary A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3639
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.40587
published_at 2026-04-08T12:55:00Z
1
value 0.00187
scoring_system epss
scoring_elements 0.40614
published_at 2026-04-04T12:55:00Z
2
value 0.00187
scoring_system epss
scoring_elements 0.40536
published_at 2026-04-07T12:55:00Z
3
value 0.00187
scoring_system epss
scoring_elements 0.40597
published_at 2026-04-09T12:55:00Z
4
value 0.00187
scoring_system epss
scoring_elements 0.40615
published_at 2026-04-11T12:55:00Z
5
value 0.00187
scoring_system epss
scoring_elements 0.40578
published_at 2026-04-12T12:55:00Z
6
value 0.00187
scoring_system epss
scoring_elements 0.40558
published_at 2026-04-13T12:55:00Z
7
value 0.00198
scoring_system epss
scoring_elements 0.41847
published_at 2026-04-16T12:55:00Z
8
value 0.00198
scoring_system epss
scoring_elements 0.4182
published_at 2026-04-18T12:55:00Z
9
value 0.00198
scoring_system epss
scoring_elements 0.41748
published_at 2026-04-21T12:55:00Z
10
value 0.00198
scoring_system epss
scoring_elements 0.41675
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3639
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/366876
reference_id 366876
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:52:53Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/366876
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3639.json
reference_id CVE-2022-3639.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:52:53Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3639.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3639
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4sr-c5ew-3qbc
266
url VCID-uaaf-28uh-jkds
vulnerability_id VCID-uaaf-28uh-jkds
summary An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2498
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.42111
published_at 2026-04-02T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.4214
published_at 2026-04-09T12:55:00Z
2
value 0.002
scoring_system epss
scoring_elements 0.42076
published_at 2026-04-07T12:55:00Z
3
value 0.002
scoring_system epss
scoring_elements 0.42128
published_at 2026-04-08T12:55:00Z
4
value 0.002
scoring_system epss
scoring_elements 0.42161
published_at 2026-04-11T12:55:00Z
5
value 0.002
scoring_system epss
scoring_elements 0.42124
published_at 2026-04-12T12:55:00Z
6
value 0.002
scoring_system epss
scoring_elements 0.421
published_at 2026-04-13T12:55:00Z
7
value 0.002
scoring_system epss
scoring_elements 0.42151
published_at 2026-04-16T12:55:00Z
8
value 0.002
scoring_system epss
scoring_elements 0.42125
published_at 2026-04-18T12:55:00Z
9
value 0.002
scoring_system epss
scoring_elements 0.42055
published_at 2026-04-21T12:55:00Z
10
value 0.002
scoring_system epss
scoring_elements 0.41997
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2498
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2498
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uaaf-28uh-jkds
267
url VCID-ubka-br7q-dyax
vulnerability_id VCID-ubka-br7q-dyax
summary An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39905
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53322
published_at 2026-04-24T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53244
published_at 2026-04-01T12:55:00Z
2
value 0.003
scoring_system epss
scoring_elements 0.53267
published_at 2026-04-02T12:55:00Z
3
value 0.003
scoring_system epss
scoring_elements 0.53293
published_at 2026-04-04T12:55:00Z
4
value 0.003
scoring_system epss
scoring_elements 0.53262
published_at 2026-04-07T12:55:00Z
5
value 0.003
scoring_system epss
scoring_elements 0.53314
published_at 2026-04-08T12:55:00Z
6
value 0.003
scoring_system epss
scoring_elements 0.53309
published_at 2026-04-09T12:55:00Z
7
value 0.003
scoring_system epss
scoring_elements 0.53359
published_at 2026-04-11T12:55:00Z
8
value 0.003
scoring_system epss
scoring_elements 0.53344
published_at 2026-04-12T12:55:00Z
9
value 0.003
scoring_system epss
scoring_elements 0.53327
published_at 2026-04-13T12:55:00Z
10
value 0.003
scoring_system epss
scoring_elements 0.53365
published_at 2026-04-16T12:55:00Z
11
value 0.003
scoring_system epss
scoring_elements 0.5337
published_at 2026-04-18T12:55:00Z
12
value 0.003
scoring_system epss
scoring_elements 0.5335
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39905
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39905
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ubka-br7q-dyax
268
url VCID-ujgs-nnuc-mqe2
vulnerability_id VCID-ujgs-nnuc-mqe2
summary In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39871
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31204
published_at 2026-04-24T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31384
published_at 2026-04-01T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31521
published_at 2026-04-02T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.31563
published_at 2026-04-04T12:55:00Z
4
value 0.00123
scoring_system epss
scoring_elements 0.31381
published_at 2026-04-07T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.31434
published_at 2026-04-08T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31465
published_at 2026-04-09T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31468
published_at 2026-04-11T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31425
published_at 2026-04-12T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31389
published_at 2026-04-13T12:55:00Z
10
value 0.00123
scoring_system epss
scoring_elements 0.31422
published_at 2026-04-16T12:55:00Z
11
value 0.00123
scoring_system epss
scoring_elements 0.31402
published_at 2026-04-18T12:55:00Z
12
value 0.00123
scoring_system epss
scoring_elements 0.31373
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39871
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39871
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujgs-nnuc-mqe2
269
url VCID-umzr-tarf-4bb7
vulnerability_id VCID-umzr-tarf-4bb7
summary An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project's error tracking feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2244
reference_id
reference_type
scores
0
value 0.00174
scoring_system epss
scoring_elements 0.38791
published_at 2026-04-02T12:55:00Z
1
value 0.00174
scoring_system epss
scoring_elements 0.38812
published_at 2026-04-04T12:55:00Z
2
value 0.00174
scoring_system epss
scoring_elements 0.38741
published_at 2026-04-07T12:55:00Z
3
value 0.00174
scoring_system epss
scoring_elements 0.3879
published_at 2026-04-08T12:55:00Z
4
value 0.00174
scoring_system epss
scoring_elements 0.38802
published_at 2026-04-09T12:55:00Z
5
value 0.00174
scoring_system epss
scoring_elements 0.38814
published_at 2026-04-11T12:55:00Z
6
value 0.00174
scoring_system epss
scoring_elements 0.38777
published_at 2026-04-12T12:55:00Z
7
value 0.00174
scoring_system epss
scoring_elements 0.3875
published_at 2026-04-13T12:55:00Z
8
value 0.00174
scoring_system epss
scoring_elements 0.38795
published_at 2026-04-16T12:55:00Z
9
value 0.00174
scoring_system epss
scoring_elements 0.38774
published_at 2026-04-18T12:55:00Z
10
value 0.00174
scoring_system epss
scoring_elements 0.38694
published_at 2026-04-21T12:55:00Z
11
value 0.00174
scoring_system epss
scoring_elements 0.38538
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2244
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2244
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umzr-tarf-4bb7
270
url VCID-uncf-tbex-nuey
vulnerability_id VCID-uncf-tbex-nuey
summary An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3381
reference_id
reference_type
scores
0
value 0.00545
scoring_system epss
scoring_elements 0.67822
published_at 2026-04-21T12:55:00Z
1
value 0.00545
scoring_system epss
scoring_elements 0.67817
published_at 2026-04-09T12:55:00Z
2
value 0.00545
scoring_system epss
scoring_elements 0.67841
published_at 2026-04-24T12:55:00Z
3
value 0.00545
scoring_system epss
scoring_elements 0.67827
published_at 2026-04-16T12:55:00Z
4
value 0.00545
scoring_system epss
scoring_elements 0.67791
published_at 2026-04-13T12:55:00Z
5
value 0.00545
scoring_system epss
scoring_elements 0.6784
published_at 2026-04-18T12:55:00Z
6
value 0.00545
scoring_system epss
scoring_elements 0.67751
published_at 2026-04-02T12:55:00Z
7
value 0.00545
scoring_system epss
scoring_elements 0.67771
published_at 2026-04-04T12:55:00Z
8
value 0.00545
scoring_system epss
scoring_elements 0.67752
published_at 2026-04-07T12:55:00Z
9
value 0.00545
scoring_system epss
scoring_elements 0.67803
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3381
1
reference_url https://hackerone.com/reports/1711497
reference_id 1711497
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:31:28Z/
url https://hackerone.com/reports/1711497
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/376046
reference_id 376046
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:31:28Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/376046
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3381.json
reference_id CVE-2022-3381.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:31:28Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3381.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3381
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uncf-tbex-nuey
271
url VCID-unhf-zjns-n7fn
vulnerability_id VCID-unhf-zjns-n7fn
summary An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22208
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.39935
published_at 2026-04-24T12:55:00Z
1
value 0.00184
scoring_system epss
scoring_elements 0.4005
published_at 2026-04-01T12:55:00Z
2
value 0.00184
scoring_system epss
scoring_elements 0.40199
published_at 2026-04-02T12:55:00Z
3
value 0.00184
scoring_system epss
scoring_elements 0.40224
published_at 2026-04-04T12:55:00Z
4
value 0.00184
scoring_system epss
scoring_elements 0.40147
published_at 2026-04-07T12:55:00Z
5
value 0.00184
scoring_system epss
scoring_elements 0.402
published_at 2026-04-08T12:55:00Z
6
value 0.00184
scoring_system epss
scoring_elements 0.40212
published_at 2026-04-09T12:55:00Z
7
value 0.00184
scoring_system epss
scoring_elements 0.40223
published_at 2026-04-11T12:55:00Z
8
value 0.00184
scoring_system epss
scoring_elements 0.40186
published_at 2026-04-12T12:55:00Z
9
value 0.00184
scoring_system epss
scoring_elements 0.40168
published_at 2026-04-13T12:55:00Z
10
value 0.00184
scoring_system epss
scoring_elements 0.40217
published_at 2026-04-16T12:55:00Z
11
value 0.00184
scoring_system epss
scoring_elements 0.40187
published_at 2026-04-18T12:55:00Z
12
value 0.00184
scoring_system epss
scoring_elements 0.40109
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22208
1
reference_url https://security.archlinux.org/ASA-202105-4
reference_id ASA-202105-4
reference_type
scores
url https://security.archlinux.org/ASA-202105-4
2
reference_url https://security.archlinux.org/AVG-1888
reference_id AVG-1888
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1888
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22208
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-unhf-zjns-n7fn
272
url VCID-utt5-yq43-tydb
vulnerability_id VCID-utt5-yq43-tydb
summary Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39897
reference_id
reference_type
scores
0
value 0.00289
scoring_system epss
scoring_elements 0.52335
published_at 2026-04-24T12:55:00Z
1
value 0.00289
scoring_system epss
scoring_elements 0.52257
published_at 2026-04-01T12:55:00Z
2
value 0.00289
scoring_system epss
scoring_elements 0.523
published_at 2026-04-02T12:55:00Z
3
value 0.00289
scoring_system epss
scoring_elements 0.52328
published_at 2026-04-04T12:55:00Z
4
value 0.00289
scoring_system epss
scoring_elements 0.5229
published_at 2026-04-07T12:55:00Z
5
value 0.00289
scoring_system epss
scoring_elements 0.52343
published_at 2026-04-08T12:55:00Z
6
value 0.00289
scoring_system epss
scoring_elements 0.52338
published_at 2026-04-09T12:55:00Z
7
value 0.00289
scoring_system epss
scoring_elements 0.52388
published_at 2026-04-11T12:55:00Z
8
value 0.00289
scoring_system epss
scoring_elements 0.52373
published_at 2026-04-12T12:55:00Z
9
value 0.00289
scoring_system epss
scoring_elements 0.52359
published_at 2026-04-13T12:55:00Z
10
value 0.00289
scoring_system epss
scoring_elements 0.52397
published_at 2026-04-16T12:55:00Z
11
value 0.00289
scoring_system epss
scoring_elements 0.52403
published_at 2026-04-18T12:55:00Z
12
value 0.00289
scoring_system epss
scoring_elements 0.52387
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39897
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39897
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utt5-yq43-tydb
273
url VCID-uwds-2syn-ykbq
vulnerability_id VCID-uwds-2syn-ykbq
summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3613
reference_id
reference_type
scores
0
value 0.00377
scoring_system epss
scoring_elements 0.59248
published_at 2026-04-24T12:55:00Z
1
value 0.00377
scoring_system epss
scoring_elements 0.5926
published_at 2026-04-12T12:55:00Z
2
value 0.00377
scoring_system epss
scoring_elements 0.59242
published_at 2026-04-13T12:55:00Z
3
value 0.00377
scoring_system epss
scoring_elements 0.59279
published_at 2026-04-16T12:55:00Z
4
value 0.00377
scoring_system epss
scoring_elements 0.59285
published_at 2026-04-18T12:55:00Z
5
value 0.00377
scoring_system epss
scoring_elements 0.59267
published_at 2026-04-21T12:55:00Z
6
value 0.00377
scoring_system epss
scoring_elements 0.59204
published_at 2026-04-02T12:55:00Z
7
value 0.00377
scoring_system epss
scoring_elements 0.59228
published_at 2026-04-04T12:55:00Z
8
value 0.00377
scoring_system epss
scoring_elements 0.59192
published_at 2026-04-07T12:55:00Z
9
value 0.00377
scoring_system epss
scoring_elements 0.59244
published_at 2026-04-08T12:55:00Z
10
value 0.00377
scoring_system epss
scoring_elements 0.59258
published_at 2026-04-09T12:55:00Z
11
value 0.00377
scoring_system epss
scoring_elements 0.59277
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3613
1
reference_url https://hackerone.com/reports/1723106
reference_id 1723106
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:05:50Z/
url https://hackerone.com/reports/1723106
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/378456
reference_id 378456
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:05:50Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/378456
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3613.json
reference_id CVE-2022-3613.json
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:05:50Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3613.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3613
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwds-2syn-ykbq
274
url VCID-uzq6-eukx-8yhv
vulnerability_id VCID-uzq6-eukx-8yhv
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39944
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.38836
published_at 2026-04-24T12:55:00Z
1
value 0.00176
scoring_system epss
scoring_elements 0.38955
published_at 2026-04-01T12:55:00Z
2
value 0.00176
scoring_system epss
scoring_elements 0.39141
published_at 2026-04-02T12:55:00Z
3
value 0.00176
scoring_system epss
scoring_elements 0.39163
published_at 2026-04-04T12:55:00Z
4
value 0.00176
scoring_system epss
scoring_elements 0.39082
published_at 2026-04-07T12:55:00Z
5
value 0.00176
scoring_system epss
scoring_elements 0.39137
published_at 2026-04-08T12:55:00Z
6
value 0.00176
scoring_system epss
scoring_elements 0.39153
published_at 2026-04-09T12:55:00Z
7
value 0.00176
scoring_system epss
scoring_elements 0.39165
published_at 2026-04-11T12:55:00Z
8
value 0.00176
scoring_system epss
scoring_elements 0.39128
published_at 2026-04-12T12:55:00Z
9
value 0.00176
scoring_system epss
scoring_elements 0.39109
published_at 2026-04-13T12:55:00Z
10
value 0.00176
scoring_system epss
scoring_elements 0.39164
published_at 2026-04-16T12:55:00Z
11
value 0.00176
scoring_system epss
scoring_elements 0.39133
published_at 2026-04-18T12:55:00Z
12
value 0.00176
scoring_system epss
scoring_elements 0.39045
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39944
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39944
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzq6-eukx-8yhv
275
url VCID-v35f-3xsf-qkcs
vulnerability_id VCID-v35f-3xsf-qkcs
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0735
reference_id
reference_type
scores
0
value 0.57385
scoring_system epss
scoring_elements 0.98139
published_at 2026-04-01T12:55:00Z
1
value 0.57385
scoring_system epss
scoring_elements 0.98141
published_at 2026-04-02T12:55:00Z
2
value 0.57385
scoring_system epss
scoring_elements 0.98145
published_at 2026-04-04T12:55:00Z
3
value 0.57385
scoring_system epss
scoring_elements 0.98147
published_at 2026-04-07T12:55:00Z
4
value 0.57385
scoring_system epss
scoring_elements 0.9815
published_at 2026-04-08T12:55:00Z
5
value 0.57385
scoring_system epss
scoring_elements 0.98151
published_at 2026-04-09T12:55:00Z
6
value 0.57385
scoring_system epss
scoring_elements 0.98155
published_at 2026-04-11T12:55:00Z
7
value 0.57385
scoring_system epss
scoring_elements 0.98154
published_at 2026-04-13T12:55:00Z
8
value 0.57385
scoring_system epss
scoring_elements 0.9816
published_at 2026-04-24T12:55:00Z
9
value 0.57385
scoring_system epss
scoring_elements 0.98161
published_at 2026-04-18T12:55:00Z
10
value 0.57385
scoring_system epss
scoring_elements 0.98159
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0735
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0735
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v35f-3xsf-qkcs
276
url VCID-v428-jfje-efdy
vulnerability_id VCID-v428-jfje-efdy
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1204
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.5529
published_at 2026-04-24T12:55:00Z
1
value 0.00323
scoring_system epss
scoring_elements 0.55352
published_at 2026-04-12T12:55:00Z
2
value 0.00323
scoring_system epss
scoring_elements 0.55334
published_at 2026-04-13T12:55:00Z
3
value 0.00323
scoring_system epss
scoring_elements 0.5537
published_at 2026-04-16T12:55:00Z
4
value 0.00323
scoring_system epss
scoring_elements 0.55375
published_at 2026-04-18T12:55:00Z
5
value 0.00323
scoring_system epss
scoring_elements 0.55353
published_at 2026-04-21T12:55:00Z
6
value 0.00323
scoring_system epss
scoring_elements 0.55306
published_at 2026-04-02T12:55:00Z
7
value 0.00323
scoring_system epss
scoring_elements 0.5533
published_at 2026-04-04T12:55:00Z
8
value 0.00323
scoring_system epss
scoring_elements 0.55312
published_at 2026-04-07T12:55:00Z
9
value 0.00323
scoring_system epss
scoring_elements 0.55363
published_at 2026-04-09T12:55:00Z
10
value 0.00323
scoring_system epss
scoring_elements 0.55374
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1204
1
reference_url https://hackerone.com/reports/1881598
reference_id 1881598
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T15:23:08Z/
url https://hackerone.com/reports/1881598
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/394745
reference_id 394745
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T15:23:08Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/394745
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1204.json
reference_id CVE-2023-1204.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T15:23:08Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1204.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1204
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v428-jfje-efdy
277
url VCID-vd16-7urm-jybw
vulnerability_id VCID-vd16-7urm-jybw
summary An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0151
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.49047
published_at 2026-04-01T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49081
published_at 2026-04-02T12:55:00Z
2
value 0.00257
scoring_system epss
scoring_elements 0.49109
published_at 2026-04-04T12:55:00Z
3
value 0.00257
scoring_system epss
scoring_elements 0.49063
published_at 2026-04-07T12:55:00Z
4
value 0.00257
scoring_system epss
scoring_elements 0.49117
published_at 2026-04-08T12:55:00Z
5
value 0.00257
scoring_system epss
scoring_elements 0.49114
published_at 2026-04-09T12:55:00Z
6
value 0.00257
scoring_system epss
scoring_elements 0.49132
published_at 2026-04-11T12:55:00Z
7
value 0.00257
scoring_system epss
scoring_elements 0.49105
published_at 2026-04-12T12:55:00Z
8
value 0.00257
scoring_system epss
scoring_elements 0.49111
published_at 2026-04-24T12:55:00Z
9
value 0.00257
scoring_system epss
scoring_elements 0.49156
published_at 2026-04-16T12:55:00Z
10
value 0.00257
scoring_system epss
scoring_elements 0.49154
published_at 2026-04-18T12:55:00Z
11
value 0.00257
scoring_system epss
scoring_elements 0.49122
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0151
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0151
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vd16-7urm-jybw
278
url VCID-vfvr-mjgk-4qce
vulnerability_id VCID-vfvr-mjgk-4qce
summary An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39941
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52606
published_at 2026-04-24T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52522
published_at 2026-04-01T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52568
published_at 2026-04-02T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52594
published_at 2026-04-04T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52561
published_at 2026-04-07T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52613
published_at 2026-04-08T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52607
published_at 2026-04-09T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52658
published_at 2026-04-11T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52641
published_at 2026-04-12T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52625
published_at 2026-04-13T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52663
published_at 2026-04-16T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.5267
published_at 2026-04-18T12:55:00Z
12
value 0.00293
scoring_system epss
scoring_elements 0.52655
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39941
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39941
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfvr-mjgk-4qce
279
url VCID-vns6-ke1r-zkav
vulnerability_id VCID-vns6-ke1r-zkav
summary Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0740
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24208
published_at 2026-04-01T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24336
published_at 2026-04-02T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.2437
published_at 2026-04-04T12:55:00Z
3
value 0.00083
scoring_system epss
scoring_elements 0.24153
published_at 2026-04-07T12:55:00Z
4
value 0.00083
scoring_system epss
scoring_elements 0.24219
published_at 2026-04-08T12:55:00Z
5
value 0.00083
scoring_system epss
scoring_elements 0.24262
published_at 2026-04-09T12:55:00Z
6
value 0.00083
scoring_system epss
scoring_elements 0.24279
published_at 2026-04-11T12:55:00Z
7
value 0.00083
scoring_system epss
scoring_elements 0.24237
published_at 2026-04-12T12:55:00Z
8
value 0.00083
scoring_system epss
scoring_elements 0.24179
published_at 2026-04-13T12:55:00Z
9
value 0.00083
scoring_system epss
scoring_elements 0.24195
published_at 2026-04-16T12:55:00Z
10
value 0.00083
scoring_system epss
scoring_elements 0.24182
published_at 2026-04-18T12:55:00Z
11
value 0.00083
scoring_system epss
scoring_elements 0.24159
published_at 2026-04-21T12:55:00Z
12
value 0.00083
scoring_system epss
scoring_elements 0.24036
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0740
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0740
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vns6-ke1r-zkav
280
url VCID-vntu-d9ry-bkef
vulnerability_id VCID-vntu-d9ry-bkef
summary An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some external CI services, which makes it possible to perform MitM attacks on connections to these external services.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0123
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24277
published_at 2026-04-01T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24404
published_at 2026-04-02T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.24436
published_at 2026-04-04T12:55:00Z
3
value 0.00083
scoring_system epss
scoring_elements 0.24219
published_at 2026-04-07T12:55:00Z
4
value 0.00083
scoring_system epss
scoring_elements 0.24285
published_at 2026-04-08T12:55:00Z
5
value 0.00083
scoring_system epss
scoring_elements 0.24329
published_at 2026-04-09T12:55:00Z
6
value 0.00083
scoring_system epss
scoring_elements 0.24346
published_at 2026-04-11T12:55:00Z
7
value 0.00083
scoring_system epss
scoring_elements 0.24304
published_at 2026-04-12T12:55:00Z
8
value 0.00083
scoring_system epss
scoring_elements 0.24247
published_at 2026-04-13T12:55:00Z
9
value 0.00083
scoring_system epss
scoring_elements 0.24263
published_at 2026-04-16T12:55:00Z
10
value 0.00083
scoring_system epss
scoring_elements 0.24251
published_at 2026-04-18T12:55:00Z
11
value 0.00083
scoring_system epss
scoring_elements 0.24228
published_at 2026-04-21T12:55:00Z
12
value 0.00083
scoring_system epss
scoring_elements 0.24104
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0123
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0123
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vntu-d9ry-bkef
281
url VCID-vqxg-nt2j-skcd
vulnerability_id VCID-vqxg-nt2j-skcd
summary Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39913
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18766
published_at 2026-04-24T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18953
published_at 2026-04-01T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.1909
published_at 2026-04-02T12:55:00Z
3
value 0.0006
scoring_system epss
scoring_elements 0.19141
published_at 2026-04-04T12:55:00Z
4
value 0.0006
scoring_system epss
scoring_elements 0.18858
published_at 2026-04-07T12:55:00Z
5
value 0.0006
scoring_system epss
scoring_elements 0.18937
published_at 2026-04-08T12:55:00Z
6
value 0.0006
scoring_system epss
scoring_elements 0.1899
published_at 2026-04-09T12:55:00Z
7
value 0.0006
scoring_system epss
scoring_elements 0.18997
published_at 2026-04-11T12:55:00Z
8
value 0.0006
scoring_system epss
scoring_elements 0.1895
published_at 2026-04-12T12:55:00Z
9
value 0.0006
scoring_system epss
scoring_elements 0.18899
published_at 2026-04-13T12:55:00Z
10
value 0.0006
scoring_system epss
scoring_elements 0.18854
published_at 2026-04-16T12:55:00Z
11
value 0.0006
scoring_system epss
scoring_elements 0.18866
published_at 2026-04-18T12:55:00Z
12
value 0.0006
scoring_system epss
scoring_elements 0.18877
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39913
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39913
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqxg-nt2j-skcd
282
url VCID-vzp1-zys5-hybk
vulnerability_id VCID-vzp1-zys5-hybk
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3573
reference_id
reference_type
scores
0
value 0.00775
scoring_system epss
scoring_elements 0.73562
published_at 2026-04-02T12:55:00Z
1
value 0.00775
scoring_system epss
scoring_elements 0.73558
published_at 2026-04-07T12:55:00Z
2
value 0.00775
scoring_system epss
scoring_elements 0.73594
published_at 2026-04-08T12:55:00Z
3
value 0.00775
scoring_system epss
scoring_elements 0.73607
published_at 2026-04-09T12:55:00Z
4
value 0.00775
scoring_system epss
scoring_elements 0.73629
published_at 2026-04-11T12:55:00Z
5
value 0.00775
scoring_system epss
scoring_elements 0.73611
published_at 2026-04-12T12:55:00Z
6
value 0.00775
scoring_system epss
scoring_elements 0.73602
published_at 2026-04-13T12:55:00Z
7
value 0.00775
scoring_system epss
scoring_elements 0.73646
published_at 2026-04-16T12:55:00Z
8
value 0.00775
scoring_system epss
scoring_elements 0.73655
published_at 2026-04-18T12:55:00Z
9
value 0.00775
scoring_system epss
scoring_elements 0.73585
published_at 2026-04-04T12:55:00Z
10
value 0.01246
scoring_system epss
scoring_elements 0.79355
published_at 2026-04-24T12:55:00Z
11
value 0.01246
scoring_system epss
scoring_elements 0.79322
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3573
1
reference_url https://hackerone.com/reports/1730461
reference_id 1730461
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:15:35Z/
url https://hackerone.com/reports/1730461
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/378216
reference_id 378216
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:15:35Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/378216
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3573.json
reference_id CVE-2022-3573.json
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:15:35Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3573.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3573
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzp1-zys5-hybk
283
url VCID-w1jg-8rdt-3ufv
vulnerability_id VCID-w1jg-8rdt-3ufv
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39932
reference_id
reference_type
scores
0
value 0.00222
scoring_system epss
scoring_elements 0.4469
published_at 2026-04-24T12:55:00Z
1
value 0.00222
scoring_system epss
scoring_elements 0.44711
published_at 2026-04-01T12:55:00Z
2
value 0.00222
scoring_system epss
scoring_elements 0.44791
published_at 2026-04-02T12:55:00Z
3
value 0.00222
scoring_system epss
scoring_elements 0.44812
published_at 2026-04-04T12:55:00Z
4
value 0.00222
scoring_system epss
scoring_elements 0.44752
published_at 2026-04-07T12:55:00Z
5
value 0.00222
scoring_system epss
scoring_elements 0.44805
published_at 2026-04-08T12:55:00Z
6
value 0.00222
scoring_system epss
scoring_elements 0.44807
published_at 2026-04-09T12:55:00Z
7
value 0.00222
scoring_system epss
scoring_elements 0.44824
published_at 2026-04-11T12:55:00Z
8
value 0.00222
scoring_system epss
scoring_elements 0.44793
published_at 2026-04-12T12:55:00Z
9
value 0.00222
scoring_system epss
scoring_elements 0.44794
published_at 2026-04-13T12:55:00Z
10
value 0.00222
scoring_system epss
scoring_elements 0.44848
published_at 2026-04-16T12:55:00Z
11
value 0.00222
scoring_system epss
scoring_elements 0.44841
published_at 2026-04-18T12:55:00Z
12
value 0.00222
scoring_system epss
scoring_elements 0.44776
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39932
1
reference_url https://security.archlinux.org/ASA-202112-10
reference_id ASA-202112-10
reference_type
scores
url https://security.archlinux.org/ASA-202112-10
2
reference_url https://security.archlinux.org/AVG-2603
reference_id AVG-2603
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2603
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39932
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w1jg-8rdt-3ufv
284
url VCID-w551-6zcf-k3ex
vulnerability_id VCID-w551-6zcf-k3ex
summary An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0483
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.61903
published_at 2026-04-24T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.61907
published_at 2026-04-21T12:55:00Z
2
value 0.00419
scoring_system epss
scoring_elements 0.61896
published_at 2026-04-12T12:55:00Z
3
value 0.00419
scoring_system epss
scoring_elements 0.61875
published_at 2026-04-13T12:55:00Z
4
value 0.00419
scoring_system epss
scoring_elements 0.61919
published_at 2026-04-16T12:55:00Z
5
value 0.00419
scoring_system epss
scoring_elements 0.61923
published_at 2026-04-18T12:55:00Z
6
value 0.00419
scoring_system epss
scoring_elements 0.61821
published_at 2026-04-07T12:55:00Z
7
value 0.00419
scoring_system epss
scoring_elements 0.61851
published_at 2026-04-04T12:55:00Z
8
value 0.00419
scoring_system epss
scoring_elements 0.6187
published_at 2026-04-08T12:55:00Z
9
value 0.00419
scoring_system epss
scoring_elements 0.61886
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0483
1
reference_url https://hackerone.com/reports/1836466
reference_id 1836466
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:31:11Z/
url https://hackerone.com/reports/1836466
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/389188
reference_id 389188
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:31:11Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/389188
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0483.json
reference_id CVE-2023-0483.json
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:31:11Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0483.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0483
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w551-6zcf-k3ex
285
url VCID-w5ry-7u68-vbhz
vulnerability_id VCID-w5ry-7u68-vbhz
summary In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39901
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52598
published_at 2026-04-24T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52514
published_at 2026-04-01T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52559
published_at 2026-04-02T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52586
published_at 2026-04-04T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52553
published_at 2026-04-07T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52605
published_at 2026-04-08T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52599
published_at 2026-04-09T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52649
published_at 2026-04-11T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52632
published_at 2026-04-12T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52618
published_at 2026-04-13T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52656
published_at 2026-04-16T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.52663
published_at 2026-04-18T12:55:00Z
12
value 0.00293
scoring_system epss
scoring_elements 0.52648
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39901
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39901
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5ry-7u68-vbhz
286
url VCID-w7kt-u5wa-ayhm
vulnerability_id VCID-w7kt-u5wa-ayhm
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2198
reference_id
reference_type
scores
0
value 0.00795
scoring_system epss
scoring_elements 0.74048
published_at 2026-04-24T12:55:00Z
1
value 0.00795
scoring_system epss
scoring_elements 0.73963
published_at 2026-04-08T12:55:00Z
2
value 0.00795
scoring_system epss
scoring_elements 0.73977
published_at 2026-04-09T12:55:00Z
3
value 0.00795
scoring_system epss
scoring_elements 0.74001
published_at 2026-04-11T12:55:00Z
4
value 0.00795
scoring_system epss
scoring_elements 0.73982
published_at 2026-04-12T12:55:00Z
5
value 0.00795
scoring_system epss
scoring_elements 0.73974
published_at 2026-04-13T12:55:00Z
6
value 0.00795
scoring_system epss
scoring_elements 0.74015
published_at 2026-04-21T12:55:00Z
7
value 0.00795
scoring_system epss
scoring_elements 0.74024
published_at 2026-04-18T12:55:00Z
8
value 0.00795
scoring_system epss
scoring_elements 0.73958
published_at 2026-04-04T12:55:00Z
9
value 0.00795
scoring_system epss
scoring_elements 0.73929
published_at 2026-04-07T12:55:00Z
10
value 0.00935
scoring_system epss
scoring_elements 0.7611
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2198
1
reference_url https://hackerone.com/reports/1947187
reference_id 1947187
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:46:50Z/
url https://hackerone.com/reports/1947187
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/408273
reference_id 408273
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:46:50Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/408273
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2198.json
reference_id CVE-2023-2198.json
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:46:50Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2198.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2198
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7kt-u5wa-ayhm
287
url VCID-wd1y-vck3-vyg6
vulnerability_id VCID-wd1y-vck3-vyg6
summary A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2230
reference_id
reference_type
scores
0
value 0.00455
scoring_system epss
scoring_elements 0.63806
published_at 2026-04-02T12:55:00Z
1
value 0.00455
scoring_system epss
scoring_elements 0.63832
published_at 2026-04-04T12:55:00Z
2
value 0.00455
scoring_system epss
scoring_elements 0.6379
published_at 2026-04-07T12:55:00Z
3
value 0.00455
scoring_system epss
scoring_elements 0.63841
published_at 2026-04-08T12:55:00Z
4
value 0.00455
scoring_system epss
scoring_elements 0.63858
published_at 2026-04-21T12:55:00Z
5
value 0.00455
scoring_system epss
scoring_elements 0.63872
published_at 2026-04-11T12:55:00Z
6
value 0.00455
scoring_system epss
scoring_elements 0.63824
published_at 2026-04-13T12:55:00Z
7
value 0.00455
scoring_system epss
scoring_elements 0.63859
published_at 2026-04-16T12:55:00Z
8
value 0.00455
scoring_system epss
scoring_elements 0.63868
published_at 2026-04-18T12:55:00Z
9
value 0.00455
scoring_system epss
scoring_elements 0.63874
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2230
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2230
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wd1y-vck3-vyg6
288
url VCID-wg33-ddc8-t3h4
vulnerability_id VCID-wg33-ddc8-t3h4
summary In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39874
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48608
published_at 2026-04-21T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48538
published_at 2026-04-01T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.48574
published_at 2026-04-02T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.48597
published_at 2026-04-04T12:55:00Z
4
value 0.00253
scoring_system epss
scoring_elements 0.48549
published_at 2026-04-07T12:55:00Z
5
value 0.00253
scoring_system epss
scoring_elements 0.48603
published_at 2026-04-08T12:55:00Z
6
value 0.00253
scoring_system epss
scoring_elements 0.48599
published_at 2026-04-09T12:55:00Z
7
value 0.00253
scoring_system epss
scoring_elements 0.4862
published_at 2026-04-11T12:55:00Z
8
value 0.00253
scoring_system epss
scoring_elements 0.48593
published_at 2026-04-24T12:55:00Z
9
value 0.00253
scoring_system epss
scoring_elements 0.48606
published_at 2026-04-13T12:55:00Z
10
value 0.00253
scoring_system epss
scoring_elements 0.48656
published_at 2026-04-16T12:55:00Z
11
value 0.00253
scoring_system epss
scoring_elements 0.48651
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39874
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39874
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg33-ddc8-t3h4
289
url VCID-wkxn-6wja-hbbj
vulnerability_id VCID-wkxn-6wja-hbbj
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the approval rules of a private project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1189
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44459
published_at 2026-04-01T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.44528
published_at 2026-04-02T12:55:00Z
2
value 0.00219
scoring_system epss
scoring_elements 0.4455
published_at 2026-04-04T12:55:00Z
3
value 0.00219
scoring_system epss
scoring_elements 0.44488
published_at 2026-04-07T12:55:00Z
4
value 0.00219
scoring_system epss
scoring_elements 0.44539
published_at 2026-04-08T12:55:00Z
5
value 0.00219
scoring_system epss
scoring_elements 0.44544
published_at 2026-04-09T12:55:00Z
6
value 0.00219
scoring_system epss
scoring_elements 0.4456
published_at 2026-04-11T12:55:00Z
7
value 0.00219
scoring_system epss
scoring_elements 0.4453
published_at 2026-04-12T12:55:00Z
8
value 0.00219
scoring_system epss
scoring_elements 0.44532
published_at 2026-04-13T12:55:00Z
9
value 0.00219
scoring_system epss
scoring_elements 0.44587
published_at 2026-04-16T12:55:00Z
10
value 0.00219
scoring_system epss
scoring_elements 0.44579
published_at 2026-04-18T12:55:00Z
11
value 0.00219
scoring_system epss
scoring_elements 0.44509
published_at 2026-04-21T12:55:00Z
12
value 0.00219
scoring_system epss
scoring_elements 0.44427
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1189
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1189
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wkxn-6wja-hbbj
290
url VCID-wm8m-8qsm-tfd2
vulnerability_id VCID-wm8m-8qsm-tfd2
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22205
reference_id
reference_type
scores
0
value 0.94467
scoring_system epss
scoring_elements 0.99996
published_at 2026-04-21T12:55:00Z
1
value 0.94467
scoring_system epss
scoring_elements 0.99997
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22205
1
reference_url https://hackerone.com/reports/1154542
reference_id 1154542
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T19:48:57Z/
url https://hackerone.com/reports/1154542
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/327121
reference_id 327121
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T19:48:57Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/327121
3
reference_url https://security.archlinux.org/ASA-202104-1
reference_id ASA-202104-1
reference_type
scores
url https://security.archlinux.org/ASA-202104-1
4
reference_url https://security.archlinux.org/AVG-1822
reference_id AVG-1822
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1822
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50532.txt
reference_id CVE-2021-22205
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50532.txt
6
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json
reference_id CVE-2021-22205.json
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T19:48:57Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json
7
reference_url http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
reference_id GitLab-13.10.2-Remote-Code-Execution.html
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T19:48:57Z/
url http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
8
reference_url http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
reference_id GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T19:48:57Z/
url http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22205
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wm8m-8qsm-tfd2
291
url VCID-wnjn-b16y-mfdg
vulnerability_id VCID-wnjn-b16y-mfdg
summary Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39879
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31408
published_at 2026-04-24T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.316
published_at 2026-04-01T12:55:00Z
2
value 0.00124
scoring_system epss
scoring_elements 0.31733
published_at 2026-04-02T12:55:00Z
3
value 0.00124
scoring_system epss
scoring_elements 0.31777
published_at 2026-04-04T12:55:00Z
4
value 0.00124
scoring_system epss
scoring_elements 0.31596
published_at 2026-04-07T12:55:00Z
5
value 0.00124
scoring_system epss
scoring_elements 0.31648
published_at 2026-04-08T12:55:00Z
6
value 0.00124
scoring_system epss
scoring_elements 0.31678
published_at 2026-04-09T12:55:00Z
7
value 0.00124
scoring_system epss
scoring_elements 0.31683
published_at 2026-04-11T12:55:00Z
8
value 0.00124
scoring_system epss
scoring_elements 0.31642
published_at 2026-04-12T12:55:00Z
9
value 0.00124
scoring_system epss
scoring_elements 0.31606
published_at 2026-04-13T12:55:00Z
10
value 0.00124
scoring_system epss
scoring_elements 0.3164
published_at 2026-04-16T12:55:00Z
11
value 0.00124
scoring_system epss
scoring_elements 0.31618
published_at 2026-04-18T12:55:00Z
12
value 0.00124
scoring_system epss
scoring_elements 0.31586
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39879
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39879
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnjn-b16y-mfdg
292
url VCID-ws9f-zt21-u7bv
vulnerability_id VCID-ws9f-zt21-u7bv
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2199
reference_id
reference_type
scores
0
value 0.02032
scoring_system epss
scoring_elements 0.83862
published_at 2026-04-24T12:55:00Z
1
value 0.02032
scoring_system epss
scoring_elements 0.8379
published_at 2026-04-08T12:55:00Z
2
value 0.02032
scoring_system epss
scoring_elements 0.83797
published_at 2026-04-09T12:55:00Z
3
value 0.02032
scoring_system epss
scoring_elements 0.83813
published_at 2026-04-11T12:55:00Z
4
value 0.02032
scoring_system epss
scoring_elements 0.83807
published_at 2026-04-12T12:55:00Z
5
value 0.02032
scoring_system epss
scoring_elements 0.83802
published_at 2026-04-13T12:55:00Z
6
value 0.02032
scoring_system epss
scoring_elements 0.83835
published_at 2026-04-16T12:55:00Z
7
value 0.02032
scoring_system epss
scoring_elements 0.83836
published_at 2026-04-21T12:55:00Z
8
value 0.02032
scoring_system epss
scoring_elements 0.83764
published_at 2026-04-04T12:55:00Z
9
value 0.02032
scoring_system epss
scoring_elements 0.83767
published_at 2026-04-07T12:55:00Z
10
value 0.02383
scoring_system epss
scoring_elements 0.84938
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2199
1
reference_url https://hackerone.com/reports/1943819
reference_id 1943819
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:45:26Z/
url https://hackerone.com/reports/1943819
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/408272
reference_id 408272
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:45:26Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/408272
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2199.json
reference_id CVE-2023-2199.json
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:45:26Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2199.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-2199
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ws9f-zt21-u7bv
293
url VCID-wt3g-99mt-uug6
vulnerability_id VCID-wt3g-99mt-uug6
summary Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1406
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.43935
published_at 2026-04-24T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.43975
published_at 2026-04-01T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44024
published_at 2026-04-02T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44046
published_at 2026-04-04T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.43977
published_at 2026-04-07T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.44028
published_at 2026-04-08T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.4403
published_at 2026-04-09T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.44045
published_at 2026-04-11T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.44013
published_at 2026-04-12T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.43996
published_at 2026-04-13T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44058
published_at 2026-04-16T12:55:00Z
11
value 0.00215
scoring_system epss
scoring_elements 0.44049
published_at 2026-04-18T12:55:00Z
12
value 0.00215
scoring_system epss
scoring_elements 0.43983
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1406
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1406
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wt3g-99mt-uug6
294
url VCID-wvtd-44nu-ckgb
vulnerability_id VCID-wvtd-44nu-ckgb
summary Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1423
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.25973
published_at 2026-04-24T12:55:00Z
1
value 0.00093
scoring_system epss
scoring_elements 0.26174
published_at 2026-04-01T12:55:00Z
2
value 0.00093
scoring_system epss
scoring_elements 0.26255
published_at 2026-04-02T12:55:00Z
3
value 0.00093
scoring_system epss
scoring_elements 0.26296
published_at 2026-04-04T12:55:00Z
4
value 0.00093
scoring_system epss
scoring_elements 0.26066
published_at 2026-04-07T12:55:00Z
5
value 0.00093
scoring_system epss
scoring_elements 0.26133
published_at 2026-04-08T12:55:00Z
6
value 0.00093
scoring_system epss
scoring_elements 0.26181
published_at 2026-04-09T12:55:00Z
7
value 0.00093
scoring_system epss
scoring_elements 0.26189
published_at 2026-04-11T12:55:00Z
8
value 0.00093
scoring_system epss
scoring_elements 0.26143
published_at 2026-04-12T12:55:00Z
9
value 0.00093
scoring_system epss
scoring_elements 0.26085
published_at 2026-04-13T12:55:00Z
10
value 0.00093
scoring_system epss
scoring_elements 0.26091
published_at 2026-04-16T12:55:00Z
11
value 0.00093
scoring_system epss
scoring_elements 0.26069
published_at 2026-04-18T12:55:00Z
12
value 0.00093
scoring_system epss
scoring_elements 0.26034
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1423
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1423
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wvtd-44nu-ckgb
295
url VCID-wyff-62y3-9qdq
vulnerability_id VCID-wyff-62y3-9qdq
summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2456
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.43051
published_at 2026-04-24T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.4313
published_at 2026-04-02T12:55:00Z
2
value 0.00207
scoring_system epss
scoring_elements 0.43157
published_at 2026-04-04T12:55:00Z
3
value 0.00207
scoring_system epss
scoring_elements 0.43096
published_at 2026-04-07T12:55:00Z
4
value 0.00207
scoring_system epss
scoring_elements 0.43149
published_at 2026-04-12T12:55:00Z
5
value 0.00207
scoring_system epss
scoring_elements 0.43161
published_at 2026-04-09T12:55:00Z
6
value 0.00207
scoring_system epss
scoring_elements 0.43182
published_at 2026-04-11T12:55:00Z
7
value 0.00207
scoring_system epss
scoring_elements 0.43134
published_at 2026-04-13T12:55:00Z
8
value 0.00207
scoring_system epss
scoring_elements 0.43193
published_at 2026-04-16T12:55:00Z
9
value 0.00207
scoring_system epss
scoring_elements 0.43183
published_at 2026-04-18T12:55:00Z
10
value 0.00207
scoring_system epss
scoring_elements 0.43116
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2456
1
reference_url https://security.archlinux.org/AVG-2785
reference_id AVG-2785
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2785
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2456
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyff-62y3-9qdq
296
url VCID-wzva-tq72-muar
vulnerability_id VCID-wzva-tq72-muar
summary An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0125
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51368
published_at 2026-04-01T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51419
published_at 2026-04-02T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51446
published_at 2026-04-04T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51405
published_at 2026-04-07T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51459
published_at 2026-04-08T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.51457
published_at 2026-04-09T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.515
published_at 2026-04-11T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51478
published_at 2026-04-12T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.51466
published_at 2026-04-13T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51508
published_at 2026-04-16T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51516
published_at 2026-04-18T12:55:00Z
11
value 0.00281
scoring_system epss
scoring_elements 0.51494
published_at 2026-04-21T12:55:00Z
12
value 0.00281
scoring_system epss
scoring_elements 0.51447
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0125
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzva-tq72-muar
297
url VCID-x181-ggwj-b7hu
vulnerability_id VCID-x181-ggwj-b7hu
summary An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2270
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.3644
published_at 2026-04-02T12:55:00Z
1
value 0.00156
scoring_system epss
scoring_elements 0.36473
published_at 2026-04-04T12:55:00Z
2
value 0.00156
scoring_system epss
scoring_elements 0.36308
published_at 2026-04-07T12:55:00Z
3
value 0.00156
scoring_system epss
scoring_elements 0.36356
published_at 2026-04-08T12:55:00Z
4
value 0.00156
scoring_system epss
scoring_elements 0.36377
published_at 2026-04-09T12:55:00Z
5
value 0.00156
scoring_system epss
scoring_elements 0.36384
published_at 2026-04-11T12:55:00Z
6
value 0.00156
scoring_system epss
scoring_elements 0.36348
published_at 2026-04-12T12:55:00Z
7
value 0.00156
scoring_system epss
scoring_elements 0.36326
published_at 2026-04-13T12:55:00Z
8
value 0.00156
scoring_system epss
scoring_elements 0.36368
published_at 2026-04-16T12:55:00Z
9
value 0.00156
scoring_system epss
scoring_elements 0.36351
published_at 2026-04-18T12:55:00Z
10
value 0.00156
scoring_system epss
scoring_elements 0.36298
published_at 2026-04-21T12:55:00Z
11
value 0.00156
scoring_system epss
scoring_elements 0.36067
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2270
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2270
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x181-ggwj-b7hu
298
url VCID-xghp-wud9-6ues
vulnerability_id VCID-xghp-wud9-6ues
summary Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1099
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37666
published_at 2026-04-01T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.37848
published_at 2026-04-02T12:55:00Z
2
value 0.00166
scoring_system epss
scoring_elements 0.37873
published_at 2026-04-04T12:55:00Z
3
value 0.00166
scoring_system epss
scoring_elements 0.37751
published_at 2026-04-07T12:55:00Z
4
value 0.00166
scoring_system epss
scoring_elements 0.37802
published_at 2026-04-08T12:55:00Z
5
value 0.00166
scoring_system epss
scoring_elements 0.37814
published_at 2026-04-09T12:55:00Z
6
value 0.00166
scoring_system epss
scoring_elements 0.37829
published_at 2026-04-11T12:55:00Z
7
value 0.00166
scoring_system epss
scoring_elements 0.37793
published_at 2026-04-12T12:55:00Z
8
value 0.00166
scoring_system epss
scoring_elements 0.37768
published_at 2026-04-13T12:55:00Z
9
value 0.00166
scoring_system epss
scoring_elements 0.37816
published_at 2026-04-16T12:55:00Z
10
value 0.00166
scoring_system epss
scoring_elements 0.37797
published_at 2026-04-18T12:55:00Z
11
value 0.00166
scoring_system epss
scoring_elements 0.37736
published_at 2026-04-21T12:55:00Z
12
value 0.00166
scoring_system epss
scoring_elements 0.37498
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1099
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1099
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xghp-wud9-6ues
299
url VCID-xjjb-9h1m-puf7
vulnerability_id VCID-xjjb-9h1m-puf7
summary A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1733
reference_id
reference_type
scores
0
value 0.00627
scoring_system epss
scoring_elements 0.70193
published_at 2026-04-04T12:55:00Z
1
value 0.00627
scoring_system epss
scoring_elements 0.70176
published_at 2026-04-02T12:55:00Z
2
value 0.01681
scoring_system epss
scoring_elements 0.82243
published_at 2026-04-24T12:55:00Z
3
value 0.01681
scoring_system epss
scoring_elements 0.82197
published_at 2026-04-11T12:55:00Z
4
value 0.01681
scoring_system epss
scoring_elements 0.82189
published_at 2026-04-12T12:55:00Z
5
value 0.01681
scoring_system epss
scoring_elements 0.82183
published_at 2026-04-13T12:55:00Z
6
value 0.01681
scoring_system epss
scoring_elements 0.82219
published_at 2026-04-16T12:55:00Z
7
value 0.01681
scoring_system epss
scoring_elements 0.8222
published_at 2026-04-18T12:55:00Z
8
value 0.01681
scoring_system epss
scoring_elements 0.82221
published_at 2026-04-21T12:55:00Z
9
value 0.01681
scoring_system epss
scoring_elements 0.82145
published_at 2026-04-07T12:55:00Z
10
value 0.01681
scoring_system epss
scoring_elements 0.82171
published_at 2026-04-08T12:55:00Z
11
value 0.01681
scoring_system epss
scoring_elements 0.82178
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1733
1
reference_url https://hackerone.com/reports/1723124
reference_id 1723124
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:45:04Z/
url https://hackerone.com/reports/1723124
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/392665
reference_id 392665
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:45:04Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/392665
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json
reference_id CVE-2023-1733.json
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:45:04Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1733
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xjjb-9h1m-puf7
300
url VCID-xm82-tdpb-buf6
vulnerability_id VCID-xm82-tdpb-buf6
summary A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39914
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.38863
published_at 2026-04-24T12:55:00Z
1
value 0.00176
scoring_system epss
scoring_elements 0.38982
published_at 2026-04-01T12:55:00Z
2
value 0.00176
scoring_system epss
scoring_elements 0.39169
published_at 2026-04-02T12:55:00Z
3
value 0.00176
scoring_system epss
scoring_elements 0.3919
published_at 2026-04-04T12:55:00Z
4
value 0.00176
scoring_system epss
scoring_elements 0.3911
published_at 2026-04-07T12:55:00Z
5
value 0.00176
scoring_system epss
scoring_elements 0.39164
published_at 2026-04-08T12:55:00Z
6
value 0.00176
scoring_system epss
scoring_elements 0.39181
published_at 2026-04-09T12:55:00Z
7
value 0.00176
scoring_system epss
scoring_elements 0.39192
published_at 2026-04-11T12:55:00Z
8
value 0.00176
scoring_system epss
scoring_elements 0.39156
published_at 2026-04-12T12:55:00Z
9
value 0.00176
scoring_system epss
scoring_elements 0.39137
published_at 2026-04-13T12:55:00Z
10
value 0.00176
scoring_system epss
scoring_elements 0.39191
published_at 2026-04-16T12:55:00Z
11
value 0.00176
scoring_system epss
scoring_elements 0.39161
published_at 2026-04-18T12:55:00Z
12
value 0.00176
scoring_system epss
scoring_elements 0.39072
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39914
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39914
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xm82-tdpb-buf6
301
url VCID-xmw9-9v8j-pbej
vulnerability_id VCID-xmw9-9v8j-pbej
summary An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0167
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42325
published_at 2026-04-01T12:55:00Z
1
value 0.00203
scoring_system epss
scoring_elements 0.42396
published_at 2026-04-02T12:55:00Z
2
value 0.00203
scoring_system epss
scoring_elements 0.42426
published_at 2026-04-04T12:55:00Z
3
value 0.00203
scoring_system epss
scoring_elements 0.42364
published_at 2026-04-07T12:55:00Z
4
value 0.00203
scoring_system epss
scoring_elements 0.42414
published_at 2026-04-08T12:55:00Z
5
value 0.00203
scoring_system epss
scoring_elements 0.42421
published_at 2026-04-09T12:55:00Z
6
value 0.00203
scoring_system epss
scoring_elements 0.42444
published_at 2026-04-11T12:55:00Z
7
value 0.00203
scoring_system epss
scoring_elements 0.42408
published_at 2026-04-12T12:55:00Z
8
value 0.00203
scoring_system epss
scoring_elements 0.42378
published_at 2026-04-13T12:55:00Z
9
value 0.00203
scoring_system epss
scoring_elements 0.42427
published_at 2026-04-16T12:55:00Z
10
value 0.00203
scoring_system epss
scoring_elements 0.42402
published_at 2026-04-18T12:55:00Z
11
value 0.00203
scoring_system epss
scoring_elements 0.4233
published_at 2026-04-21T12:55:00Z
12
value 0.00203
scoring_system epss
scoring_elements 0.42266
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0167
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0167
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmw9-9v8j-pbej
302
url VCID-xqjr-rs4y-h3as
vulnerability_id VCID-xqjr-rs4y-h3as
summary Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3413
reference_id
reference_type
scores
0
value 0.0018
scoring_system epss
scoring_elements 0.39368
published_at 2026-04-24T12:55:00Z
1
value 0.0018
scoring_system epss
scoring_elements 0.3966
published_at 2026-04-16T12:55:00Z
2
value 0.0018
scoring_system epss
scoring_elements 0.39632
published_at 2026-04-18T12:55:00Z
3
value 0.0018
scoring_system epss
scoring_elements 0.39548
published_at 2026-04-21T12:55:00Z
4
value 0.0018
scoring_system epss
scoring_elements 0.39645
published_at 2026-04-02T12:55:00Z
5
value 0.0018
scoring_system epss
scoring_elements 0.39667
published_at 2026-04-04T12:55:00Z
6
value 0.0018
scoring_system epss
scoring_elements 0.39585
published_at 2026-04-07T12:55:00Z
7
value 0.0018
scoring_system epss
scoring_elements 0.39639
published_at 2026-04-08T12:55:00Z
8
value 0.0018
scoring_system epss
scoring_elements 0.39653
published_at 2026-04-09T12:55:00Z
9
value 0.0018
scoring_system epss
scoring_elements 0.39662
published_at 2026-04-11T12:55:00Z
10
value 0.0018
scoring_system epss
scoring_elements 0.39626
published_at 2026-04-12T12:55:00Z
11
value 0.0018
scoring_system epss
scoring_elements 0.39609
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3413
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/374926
reference_id 374926
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T15:53:11Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/374926
2
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.json
reference_id CVE-2022-3413.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T15:53:11Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3413
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xqjr-rs4y-h3as
303
url VCID-xszd-bfvr-jfcv
vulnerability_id VCID-xszd-bfvr-jfcv
summary Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1193
reference_id
reference_type
scores
0
value 0.00139
scoring_system epss
scoring_elements 0.33743
published_at 2026-04-01T12:55:00Z
1
value 0.00139
scoring_system epss
scoring_elements 0.3408
published_at 2026-04-02T12:55:00Z
2
value 0.00139
scoring_system epss
scoring_elements 0.34111
published_at 2026-04-04T12:55:00Z
3
value 0.00139
scoring_system epss
scoring_elements 0.3397
published_at 2026-04-07T12:55:00Z
4
value 0.00139
scoring_system epss
scoring_elements 0.34013
published_at 2026-04-08T12:55:00Z
5
value 0.00139
scoring_system epss
scoring_elements 0.34044
published_at 2026-04-09T12:55:00Z
6
value 0.00139
scoring_system epss
scoring_elements 0.34043
published_at 2026-04-11T12:55:00Z
7
value 0.00139
scoring_system epss
scoring_elements 0.34
published_at 2026-04-12T12:55:00Z
8
value 0.00139
scoring_system epss
scoring_elements 0.33977
published_at 2026-04-13T12:55:00Z
9
value 0.00139
scoring_system epss
scoring_elements 0.3401
published_at 2026-04-16T12:55:00Z
10
value 0.00139
scoring_system epss
scoring_elements 0.33998
published_at 2026-04-18T12:55:00Z
11
value 0.00139
scoring_system epss
scoring_elements 0.33966
published_at 2026-04-21T12:55:00Z
12
value 0.00139
scoring_system epss
scoring_elements 0.33597
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1193
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1193
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xszd-bfvr-jfcv
304
url VCID-xu87-25zb-eycc
vulnerability_id VCID-xu87-25zb-eycc
summary An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3279
reference_id
reference_type
scores
0
value 0.00706
scoring_system epss
scoring_elements 0.72209
published_at 2026-04-24T12:55:00Z
1
value 0.00706
scoring_system epss
scoring_elements 0.72146
published_at 2026-04-12T12:55:00Z
2
value 0.00706
scoring_system epss
scoring_elements 0.72132
published_at 2026-04-13T12:55:00Z
3
value 0.00706
scoring_system epss
scoring_elements 0.72173
published_at 2026-04-16T12:55:00Z
4
value 0.00706
scoring_system epss
scoring_elements 0.72181
published_at 2026-04-18T12:55:00Z
5
value 0.00706
scoring_system epss
scoring_elements 0.72166
published_at 2026-04-21T12:55:00Z
6
value 0.00706
scoring_system epss
scoring_elements 0.72093
published_at 2026-04-02T12:55:00Z
7
value 0.00706
scoring_system epss
scoring_elements 0.72113
published_at 2026-04-04T12:55:00Z
8
value 0.00706
scoring_system epss
scoring_elements 0.7209
published_at 2026-04-07T12:55:00Z
9
value 0.00706
scoring_system epss
scoring_elements 0.72127
published_at 2026-04-08T12:55:00Z
10
value 0.00706
scoring_system epss
scoring_elements 0.72139
published_at 2026-04-09T12:55:00Z
11
value 0.00706
scoring_system epss
scoring_elements 0.72161
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3279
1
reference_url https://hackerone.com/reports/1587261
reference_id 1587261
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:49:59Z/
url https://hackerone.com/reports/1587261
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/364249
reference_id 364249
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:49:59Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/364249
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3279.json
reference_id CVE-2022-3279.json
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:49:59Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3279.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3279
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xu87-25zb-eycc
305
url VCID-xuub-mcj4-rqhg
vulnerability_id VCID-xuub-mcj4-rqhg
summary Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22236
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.45146
published_at 2026-04-24T12:55:00Z
1
value 0.00225
scoring_system epss
scoring_elements 0.45147
published_at 2026-04-01T12:55:00Z
2
value 0.00225
scoring_system epss
scoring_elements 0.45228
published_at 2026-04-02T12:55:00Z
3
value 0.00225
scoring_system epss
scoring_elements 0.45249
published_at 2026-04-04T12:55:00Z
4
value 0.00225
scoring_system epss
scoring_elements 0.45192
published_at 2026-04-07T12:55:00Z
5
value 0.00225
scoring_system epss
scoring_elements 0.45248
published_at 2026-04-08T12:55:00Z
6
value 0.00225
scoring_system epss
scoring_elements 0.45247
published_at 2026-04-09T12:55:00Z
7
value 0.00225
scoring_system epss
scoring_elements 0.45269
published_at 2026-04-11T12:55:00Z
8
value 0.00225
scoring_system epss
scoring_elements 0.45237
published_at 2026-04-12T12:55:00Z
9
value 0.00225
scoring_system epss
scoring_elements 0.45239
published_at 2026-04-13T12:55:00Z
10
value 0.00225
scoring_system epss
scoring_elements 0.4529
published_at 2026-04-16T12:55:00Z
11
value 0.00225
scoring_system epss
scoring_elements 0.45285
published_at 2026-04-18T12:55:00Z
12
value 0.00225
scoring_system epss
scoring_elements 0.45235
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22236
1
reference_url https://security.archlinux.org/ASA-202108-7
reference_id ASA-202108-7
reference_type
scores
url https://security.archlinux.org/ASA-202108-7
2
reference_url https://security.archlinux.org/AVG-2251
reference_id AVG-2251
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2251
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22236
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xuub-mcj4-rqhg
306
url VCID-xvyx-62q5-m7cn
vulnerability_id VCID-xvyx-62q5-m7cn
summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4037
reference_id
reference_type
scores
0
value 0.00582
scoring_system epss
scoring_elements 0.69027
published_at 2026-04-24T12:55:00Z
1
value 0.00582
scoring_system epss
scoring_elements 0.68975
published_at 2026-04-12T12:55:00Z
2
value 0.00582
scoring_system epss
scoring_elements 0.68945
published_at 2026-04-13T12:55:00Z
3
value 0.00582
scoring_system epss
scoring_elements 0.68987
published_at 2026-04-16T12:55:00Z
4
value 0.00582
scoring_system epss
scoring_elements 0.68997
published_at 2026-04-18T12:55:00Z
5
value 0.00582
scoring_system epss
scoring_elements 0.68976
published_at 2026-04-21T12:55:00Z
6
value 0.00582
scoring_system epss
scoring_elements 0.68897
published_at 2026-04-02T12:55:00Z
7
value 0.00582
scoring_system epss
scoring_elements 0.68918
published_at 2026-04-04T12:55:00Z
8
value 0.00582
scoring_system epss
scoring_elements 0.68898
published_at 2026-04-07T12:55:00Z
9
value 0.00582
scoring_system epss
scoring_elements 0.68948
published_at 2026-04-08T12:55:00Z
10
value 0.00582
scoring_system epss
scoring_elements 0.68967
published_at 2026-04-09T12:55:00Z
11
value 0.00582
scoring_system epss
scoring_elements 0.6899
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4037
1
reference_url https://hackerone.com/reports/1772543
reference_id 1772543
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:21:35Z/
url https://hackerone.com/reports/1772543
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/382957
reference_id 382957
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:21:35Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/382957
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4037.json
reference_id CVE-2022-4037.json
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:21:35Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4037.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4037
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvyx-62q5-m7cn
307
url VCID-y355-57xu-4bet
vulnerability_id VCID-y355-57xu-4bet
summary In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39892
reference_id
reference_type
scores
0
value 0.00297
scoring_system epss
scoring_elements 0.53012
published_at 2026-04-24T12:55:00Z
1
value 0.00297
scoring_system epss
scoring_elements 0.5294
published_at 2026-04-01T12:55:00Z
2
value 0.00297
scoring_system epss
scoring_elements 0.52965
published_at 2026-04-02T12:55:00Z
3
value 0.00297
scoring_system epss
scoring_elements 0.5299
published_at 2026-04-04T12:55:00Z
4
value 0.00297
scoring_system epss
scoring_elements 0.52958
published_at 2026-04-07T12:55:00Z
5
value 0.00297
scoring_system epss
scoring_elements 0.53009
published_at 2026-04-08T12:55:00Z
6
value 0.00297
scoring_system epss
scoring_elements 0.53002
published_at 2026-04-09T12:55:00Z
7
value 0.00297
scoring_system epss
scoring_elements 0.53052
published_at 2026-04-11T12:55:00Z
8
value 0.00297
scoring_system epss
scoring_elements 0.53036
published_at 2026-04-12T12:55:00Z
9
value 0.00297
scoring_system epss
scoring_elements 0.53019
published_at 2026-04-13T12:55:00Z
10
value 0.00297
scoring_system epss
scoring_elements 0.53056
published_at 2026-04-16T12:55:00Z
11
value 0.00297
scoring_system epss
scoring_elements 0.53063
published_at 2026-04-18T12:55:00Z
12
value 0.00297
scoring_system epss
scoring_elements 0.53045
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39892
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39892
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y355-57xu-4bet
308
url VCID-y7s4-my4s-eucm
vulnerability_id VCID-y7s4-my4s-eucm
summary When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22175
reference_id
reference_type
scores
0
value 0.66154
scoring_system epss
scoring_elements 0.98507
published_at 2026-04-01T12:55:00Z
1
value 0.66154
scoring_system epss
scoring_elements 0.98509
published_at 2026-04-02T12:55:00Z
2
value 0.66154
scoring_system epss
scoring_elements 0.98511
published_at 2026-04-04T12:55:00Z
3
value 0.66154
scoring_system epss
scoring_elements 0.98512
published_at 2026-04-07T12:55:00Z
4
value 0.66154
scoring_system epss
scoring_elements 0.98515
published_at 2026-04-08T12:55:00Z
5
value 0.66154
scoring_system epss
scoring_elements 0.98517
published_at 2026-04-09T12:55:00Z
6
value 0.66154
scoring_system epss
scoring_elements 0.98519
published_at 2026-04-13T12:55:00Z
7
value 0.66154
scoring_system epss
scoring_elements 0.98518
published_at 2026-04-12T12:55:00Z
8
value 0.66154
scoring_system epss
scoring_elements 0.98525
published_at 2026-04-18T12:55:00Z
9
value 0.71157
scoring_system epss
scoring_elements 0.98716
published_at 2026-04-21T12:55:00Z
10
value 0.71157
scoring_system epss
scoring_elements 0.9872
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22175
1
reference_url https://hackerone.com/reports/1059596
reference_id 1059596
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T16:52:37Z/
url https://hackerone.com/reports/1059596
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/294178
reference_id 294178
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T16:52:37Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/294178
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json
reference_id CVE-2021-22175.json
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T16:52:37Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22175
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y7s4-my4s-eucm
309
url VCID-y8p4-aqpq-ykbk
vulnerability_id VCID-y8p4-aqpq-ykbk
summary In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39868
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52603
published_at 2026-04-24T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52519
published_at 2026-04-01T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52565
published_at 2026-04-02T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52591
published_at 2026-04-04T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52558
published_at 2026-04-07T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52609
published_at 2026-04-08T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52604
published_at 2026-04-09T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52654
published_at 2026-04-11T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52637
published_at 2026-04-12T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52623
published_at 2026-04-13T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52661
published_at 2026-04-16T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.52668
published_at 2026-04-18T12:55:00Z
12
value 0.00293
scoring_system epss
scoring_elements 0.52652
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39868
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39868
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8p4-aqpq-ykbk
310
url VCID-y93u-mrdn-abe3
vulnerability_id VCID-y93u-mrdn-abe3
summary A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22216
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38122
published_at 2026-04-24T12:55:00Z
1
value 0.00171
scoring_system epss
scoring_elements 0.3828
published_at 2026-04-01T12:55:00Z
2
value 0.00171
scoring_system epss
scoring_elements 0.38418
published_at 2026-04-02T12:55:00Z
3
value 0.00171
scoring_system epss
scoring_elements 0.38442
published_at 2026-04-04T12:55:00Z
4
value 0.00171
scoring_system epss
scoring_elements 0.38306
published_at 2026-04-07T12:55:00Z
5
value 0.00171
scoring_system epss
scoring_elements 0.38356
published_at 2026-04-08T12:55:00Z
6
value 0.00171
scoring_system epss
scoring_elements 0.38364
published_at 2026-04-09T12:55:00Z
7
value 0.00171
scoring_system epss
scoring_elements 0.38381
published_at 2026-04-11T12:55:00Z
8
value 0.00171
scoring_system epss
scoring_elements 0.38343
published_at 2026-04-12T12:55:00Z
9
value 0.00171
scoring_system epss
scoring_elements 0.38318
published_at 2026-04-13T12:55:00Z
10
value 0.00171
scoring_system epss
scoring_elements 0.38366
published_at 2026-04-16T12:55:00Z
11
value 0.00171
scoring_system epss
scoring_elements 0.38346
published_at 2026-04-18T12:55:00Z
12
value 0.00171
scoring_system epss
scoring_elements 0.38281
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22216
1
reference_url https://security.archlinux.org/ASA-202106-21
reference_id ASA-202106-21
reference_type
scores
url https://security.archlinux.org/ASA-202106-21
2
reference_url https://security.archlinux.org/AVG-2023
reference_id AVG-2023
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2023
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22216
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y93u-mrdn-abe3
311
url VCID-yc3d-cash-qybt
vulnerability_id VCID-yc3d-cash-qybt
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3870
reference_id
reference_type
scores
0
value 0.01233
scoring_system epss
scoring_elements 0.7924
published_at 2026-04-24T12:55:00Z
1
value 0.01233
scoring_system epss
scoring_elements 0.79207
published_at 2026-04-11T12:55:00Z
2
value 0.01233
scoring_system epss
scoring_elements 0.79192
published_at 2026-04-12T12:55:00Z
3
value 0.01233
scoring_system epss
scoring_elements 0.79183
published_at 2026-04-13T12:55:00Z
4
value 0.01233
scoring_system epss
scoring_elements 0.79209
published_at 2026-04-16T12:55:00Z
5
value 0.01233
scoring_system epss
scoring_elements 0.79206
published_at 2026-04-21T12:55:00Z
6
value 0.01233
scoring_system epss
scoring_elements 0.79138
published_at 2026-04-02T12:55:00Z
7
value 0.01233
scoring_system epss
scoring_elements 0.79163
published_at 2026-04-04T12:55:00Z
8
value 0.01233
scoring_system epss
scoring_elements 0.79149
published_at 2026-04-07T12:55:00Z
9
value 0.01233
scoring_system epss
scoring_elements 0.79174
published_at 2026-04-08T12:55:00Z
10
value 0.01233
scoring_system epss
scoring_elements 0.79182
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3870
1
reference_url https://hackerone.com/reports/1753423
reference_id 1753423
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-09T13:14:38Z/
url https://hackerone.com/reports/1753423
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/381647
reference_id 381647
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-09T13:14:38Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/381647
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3870.json
reference_id CVE-2022-3870.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-09T13:14:38Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3870.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3870
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yc3d-cash-qybt
312
url VCID-ye5q-51wd-53c5
vulnerability_id VCID-ye5q-51wd-53c5
summary Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22223
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.39995
published_at 2026-04-24T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40114
published_at 2026-04-01T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40264
published_at 2026-04-08T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40289
published_at 2026-04-04T12:55:00Z
4
value 0.00185
scoring_system epss
scoring_elements 0.40211
published_at 2026-04-07T12:55:00Z
5
value 0.00185
scoring_system epss
scoring_elements 0.40275
published_at 2026-04-09T12:55:00Z
6
value 0.00185
scoring_system epss
scoring_elements 0.40286
published_at 2026-04-11T12:55:00Z
7
value 0.00185
scoring_system epss
scoring_elements 0.40249
published_at 2026-04-12T12:55:00Z
8
value 0.00185
scoring_system epss
scoring_elements 0.40229
published_at 2026-04-13T12:55:00Z
9
value 0.00185
scoring_system epss
scoring_elements 0.40276
published_at 2026-04-16T12:55:00Z
10
value 0.00185
scoring_system epss
scoring_elements 0.40245
published_at 2026-04-18T12:55:00Z
11
value 0.00185
scoring_system epss
scoring_elements 0.40169
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22223
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22223
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ye5q-51wd-53c5
313
url VCID-yfzm-n8gu-qfbm
vulnerability_id VCID-yfzm-n8gu-qfbm
summary In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39908
reference_id
reference_type
scores
0
value 0.0018
scoring_system epss
scoring_elements 0.39601
published_at 2026-04-12T12:55:00Z
1
value 0.0018
scoring_system epss
scoring_elements 0.39585
published_at 2026-04-13T12:55:00Z
2
value 0.0018
scoring_system epss
scoring_elements 0.39636
published_at 2026-04-16T12:55:00Z
3
value 0.0018
scoring_system epss
scoring_elements 0.39606
published_at 2026-04-18T12:55:00Z
4
value 0.0018
scoring_system epss
scoring_elements 0.39523
published_at 2026-04-21T12:55:00Z
5
value 0.0018
scoring_system epss
scoring_elements 0.39343
published_at 2026-04-24T12:55:00Z
6
value 0.00299
scoring_system epss
scoring_elements 0.53193
published_at 2026-04-01T12:55:00Z
7
value 0.00299
scoring_system epss
scoring_elements 0.53308
published_at 2026-04-11T12:55:00Z
8
value 0.00299
scoring_system epss
scoring_elements 0.53217
published_at 2026-04-02T12:55:00Z
9
value 0.00299
scoring_system epss
scoring_elements 0.53242
published_at 2026-04-04T12:55:00Z
10
value 0.00299
scoring_system epss
scoring_elements 0.5321
published_at 2026-04-07T12:55:00Z
11
value 0.00299
scoring_system epss
scoring_elements 0.53262
published_at 2026-04-08T12:55:00Z
12
value 0.00299
scoring_system epss
scoring_elements 0.53257
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39908
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39908
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfzm-n8gu-qfbm
314
url VCID-ygwj-5n23-7qbm
vulnerability_id VCID-ygwj-5n23-7qbm
summary A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1162
reference_id
reference_type
scores
0
value 0.87606
scoring_system epss
scoring_elements 0.9947
published_at 2026-04-24T12:55:00Z
1
value 0.87606
scoring_system epss
scoring_elements 0.99469
published_at 2026-04-21T12:55:00Z
2
value 0.88912
scoring_system epss
scoring_elements 0.99518
published_at 2026-04-04T12:55:00Z
3
value 0.88912
scoring_system epss
scoring_elements 0.99519
published_at 2026-04-07T12:55:00Z
4
value 0.88912
scoring_system epss
scoring_elements 0.9952
published_at 2026-04-09T12:55:00Z
5
value 0.88912
scoring_system epss
scoring_elements 0.99524
published_at 2026-04-16T12:55:00Z
6
value 0.88912
scoring_system epss
scoring_elements 0.99525
published_at 2026-04-18T12:55:00Z
7
value 0.88912
scoring_system epss
scoring_elements 0.99521
published_at 2026-04-13T12:55:00Z
8
value 0.88912
scoring_system epss
scoring_elements 0.99517
published_at 2026-04-02T12:55:00Z
9
value 0.89478
scoring_system epss
scoring_elements 0.99548
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1162
1
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50888.txt
reference_id CVE-2022-1162
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50888.txt
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1162
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygwj-5n23-7qbm
315
url VCID-ykmk-ymk1-b3a6
vulnerability_id VCID-ykmk-ymk1-b3a6
summary An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22257
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44337
published_at 2026-04-24T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.4437
published_at 2026-04-01T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44441
published_at 2026-04-12T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44462
published_at 2026-04-04T12:55:00Z
4
value 0.00218
scoring_system epss
scoring_elements 0.44397
published_at 2026-04-07T12:55:00Z
5
value 0.00218
scoring_system epss
scoring_elements 0.44448
published_at 2026-04-08T12:55:00Z
6
value 0.00218
scoring_system epss
scoring_elements 0.44455
published_at 2026-04-09T12:55:00Z
7
value 0.00218
scoring_system epss
scoring_elements 0.44471
published_at 2026-04-11T12:55:00Z
8
value 0.00218
scoring_system epss
scoring_elements 0.4444
published_at 2026-04-13T12:55:00Z
9
value 0.00218
scoring_system epss
scoring_elements 0.44496
published_at 2026-04-16T12:55:00Z
10
value 0.00218
scoring_system epss
scoring_elements 0.44487
published_at 2026-04-18T12:55:00Z
11
value 0.00218
scoring_system epss
scoring_elements 0.44417
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22257
1
reference_url https://security.archlinux.org/AVG-2335
reference_id AVG-2335
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2335
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22257
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykmk-ymk1-b3a6
316
url VCID-ykza-d472-n7a4
vulnerability_id VCID-ykza-d472-n7a4
summary An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1510
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.43951
published_at 2026-04-24T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.43991
published_at 2026-04-01T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44039
published_at 2026-04-02T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44062
published_at 2026-04-11T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.43993
published_at 2026-04-07T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.44044
published_at 2026-04-08T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.44046
published_at 2026-04-09T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.44029
published_at 2026-04-12T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.44013
published_at 2026-04-13T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.44075
published_at 2026-04-16T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44065
published_at 2026-04-18T12:55:00Z
11
value 0.00215
scoring_system epss
scoring_elements 0.44
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1510
1
reference_url https://security.archlinux.org/AVG-2696
reference_id AVG-2696
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2696
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1510
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykza-d472-n7a4
317
url VCID-ym7c-hy3t-eqd6
vulnerability_id VCID-ym7c-hy3t-eqd6
summary Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0751
reference_id
reference_type
scores
0
value 0.00258
scoring_system epss
scoring_elements 0.49097
published_at 2026-04-01T12:55:00Z
1
value 0.00258
scoring_system epss
scoring_elements 0.4913
published_at 2026-04-02T12:55:00Z
2
value 0.00258
scoring_system epss
scoring_elements 0.4916
published_at 2026-04-13T12:55:00Z
3
value 0.00258
scoring_system epss
scoring_elements 0.49112
published_at 2026-04-07T12:55:00Z
4
value 0.00258
scoring_system epss
scoring_elements 0.49166
published_at 2026-04-08T12:55:00Z
5
value 0.00258
scoring_system epss
scoring_elements 0.49163
published_at 2026-04-24T12:55:00Z
6
value 0.00258
scoring_system epss
scoring_elements 0.4918
published_at 2026-04-11T12:55:00Z
7
value 0.00258
scoring_system epss
scoring_elements 0.49154
published_at 2026-04-12T12:55:00Z
8
value 0.00258
scoring_system epss
scoring_elements 0.49206
published_at 2026-04-16T12:55:00Z
9
value 0.00258
scoring_system epss
scoring_elements 0.49205
published_at 2026-04-18T12:55:00Z
10
value 0.00258
scoring_system epss
scoring_elements 0.49174
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0751
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-0751
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ym7c-hy3t-eqd6
318
url VCID-ymr3-tjpk-y3eu
vulnerability_id VCID-ymr3-tjpk-y3eu
summary Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22243
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.39342
published_at 2026-04-01T12:55:00Z
1
value 0.00179
scoring_system epss
scoring_elements 0.39504
published_at 2026-04-02T12:55:00Z
2
value 0.00179
scoring_system epss
scoring_elements 0.39527
published_at 2026-04-04T12:55:00Z
3
value 0.00179
scoring_system epss
scoring_elements 0.39441
published_at 2026-04-07T12:55:00Z
4
value 0.00179
scoring_system epss
scoring_elements 0.39497
published_at 2026-04-08T12:55:00Z
5
value 0.00179
scoring_system epss
scoring_elements 0.39513
published_at 2026-04-09T12:55:00Z
6
value 0.00179
scoring_system epss
scoring_elements 0.39523
published_at 2026-04-11T12:55:00Z
7
value 0.00179
scoring_system epss
scoring_elements 0.39485
published_at 2026-04-12T12:55:00Z
8
value 0.00179
scoring_system epss
scoring_elements 0.39468
published_at 2026-04-13T12:55:00Z
9
value 0.00179
scoring_system epss
scoring_elements 0.39519
published_at 2026-04-16T12:55:00Z
10
value 0.00179
scoring_system epss
scoring_elements 0.3949
published_at 2026-04-18T12:55:00Z
11
value 0.00179
scoring_system epss
scoring_elements 0.39406
published_at 2026-04-21T12:55:00Z
12
value 0.00179
scoring_system epss
scoring_elements 0.39211
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22243
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22243
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ymr3-tjpk-y3eu
319
url VCID-ynh3-5k1k-ukc7
vulnerability_id VCID-ynh3-5k1k-ukc7
summary An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, and all versions starting from 15.10 before 15.10.1. It allows an admin to leak the password from the repository mirror configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1098
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.52919
published_at 2026-04-04T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.52893
published_at 2026-04-02T12:55:00Z
2
value 0.00445
scoring_system epss
scoring_elements 0.63476
published_at 2026-04-24T12:55:00Z
3
value 0.00445
scoring_system epss
scoring_elements 0.63483
published_at 2026-04-11T12:55:00Z
4
value 0.00445
scoring_system epss
scoring_elements 0.63467
published_at 2026-04-12T12:55:00Z
5
value 0.00445
scoring_system epss
scoring_elements 0.63431
published_at 2026-04-13T12:55:00Z
6
value 0.00445
scoring_system epss
scoring_elements 0.63464
published_at 2026-04-16T12:55:00Z
7
value 0.00445
scoring_system epss
scoring_elements 0.63472
published_at 2026-04-18T12:55:00Z
8
value 0.00445
scoring_system epss
scoring_elements 0.63457
published_at 2026-04-21T12:55:00Z
9
value 0.00445
scoring_system epss
scoring_elements 0.63396
published_at 2026-04-07T12:55:00Z
10
value 0.00445
scoring_system epss
scoring_elements 0.63447
published_at 2026-04-08T12:55:00Z
11
value 0.00445
scoring_system epss
scoring_elements 0.63465
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1098
1
reference_url https://hackerone.com/reports/1784294
reference_id 1784294
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:57:56Z/
url https://hackerone.com/reports/1784294
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/383745
reference_id 383745
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:57:56Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/383745
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json
reference_id CVE-2023-1098.json
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:57:56Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-1098
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynh3-5k1k-ukc7
320
url VCID-yrc2-68dd-w7h9
vulnerability_id VCID-yrc2-68dd-w7h9
summary An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3030
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52154
published_at 2026-04-02T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52181
published_at 2026-04-04T12:55:00Z
2
value 0.00288
scoring_system epss
scoring_elements 0.52146
published_at 2026-04-07T12:55:00Z
3
value 0.00288
scoring_system epss
scoring_elements 0.52199
published_at 2026-04-08T12:55:00Z
4
value 0.00288
scoring_system epss
scoring_elements 0.52195
published_at 2026-04-09T12:55:00Z
5
value 0.00288
scoring_system epss
scoring_elements 0.52246
published_at 2026-04-11T12:55:00Z
6
value 0.00303
scoring_system epss
scoring_elements 0.53639
published_at 2026-04-12T12:55:00Z
7
value 0.00303
scoring_system epss
scoring_elements 0.53622
published_at 2026-04-13T12:55:00Z
8
value 0.00303
scoring_system epss
scoring_elements 0.53659
published_at 2026-04-16T12:55:00Z
9
value 0.00303
scoring_system epss
scoring_elements 0.53664
published_at 2026-04-18T12:55:00Z
10
value 0.00303
scoring_system epss
scoring_elements 0.53647
published_at 2026-04-21T12:55:00Z
11
value 0.00303
scoring_system epss
scoring_elements 0.5361
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3030
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/37959
reference_id 37959
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:21:36Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/37959
2
reference_url https://hackerone.com/reports/749882
reference_id 749882
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:21:36Z/
url https://hackerone.com/reports/749882
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json
reference_id CVE-2022-3030.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:21:36Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3030
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrc2-68dd-w7h9
321
url VCID-ytck-scm4-n3hk
vulnerability_id VCID-ytck-scm4-n3hk
summary An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4007
reference_id
reference_type
scores
0
value 0.01089
scoring_system epss
scoring_elements 0.77993
published_at 2026-04-24T12:55:00Z
1
value 0.01089
scoring_system epss
scoring_elements 0.7795
published_at 2026-04-11T12:55:00Z
2
value 0.01089
scoring_system epss
scoring_elements 0.77933
published_at 2026-04-13T12:55:00Z
3
value 0.01089
scoring_system epss
scoring_elements 0.77968
published_at 2026-04-16T12:55:00Z
4
value 0.01089
scoring_system epss
scoring_elements 0.77967
published_at 2026-04-18T12:55:00Z
5
value 0.01089
scoring_system epss
scoring_elements 0.7796
published_at 2026-04-21T12:55:00Z
6
value 0.01089
scoring_system epss
scoring_elements 0.77882
published_at 2026-04-02T12:55:00Z
7
value 0.01089
scoring_system epss
scoring_elements 0.7791
published_at 2026-04-04T12:55:00Z
8
value 0.01089
scoring_system epss
scoring_elements 0.77892
published_at 2026-04-07T12:55:00Z
9
value 0.01089
scoring_system epss
scoring_elements 0.77919
published_at 2026-04-08T12:55:00Z
10
value 0.01089
scoring_system epss
scoring_elements 0.77923
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4007
1
reference_url https://hackerone.com/reports/1767745
reference_id 1767745
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T15:14:38Z/
url https://hackerone.com/reports/1767745
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/382789
reference_id 382789
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T15:14:38Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/382789
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4007.json
reference_id CVE-2022-4007.json
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T15:14:38Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4007.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-4007
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytck-scm4-n3hk
322
url VCID-ytx6-dtyz-aydu
vulnerability_id VCID-ytx6-dtyz-aydu
summary Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22247
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.47719
published_at 2026-04-01T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47757
published_at 2026-04-02T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.47777
published_at 2026-04-12T12:55:00Z
3
value 0.00245
scoring_system epss
scoring_elements 0.47726
published_at 2026-04-07T12:55:00Z
4
value 0.00245
scoring_system epss
scoring_elements 0.4778
published_at 2026-04-08T12:55:00Z
5
value 0.00245
scoring_system epss
scoring_elements 0.47776
published_at 2026-04-09T12:55:00Z
6
value 0.00245
scoring_system epss
scoring_elements 0.47801
published_at 2026-04-11T12:55:00Z
7
value 0.00245
scoring_system epss
scoring_elements 0.47787
published_at 2026-04-21T12:55:00Z
8
value 0.00245
scoring_system epss
scoring_elements 0.47842
published_at 2026-04-16T12:55:00Z
9
value 0.00245
scoring_system epss
scoring_elements 0.47834
published_at 2026-04-18T12:55:00Z
10
value 0.00245
scoring_system epss
scoring_elements 0.4777
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22247
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22247
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytx6-dtyz-aydu
323
url VCID-yvfx-ajfd-huaz
vulnerability_id VCID-yvfx-ajfd-huaz
summary A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1954
reference_id
reference_type
scores
0
value 0.00174
scoring_system epss
scoring_elements 0.38738
published_at 2026-04-01T12:55:00Z
1
value 0.00174
scoring_system epss
scoring_elements 0.38875
published_at 2026-04-02T12:55:00Z
2
value 0.00174
scoring_system epss
scoring_elements 0.38896
published_at 2026-04-04T12:55:00Z
3
value 0.00174
scoring_system epss
scoring_elements 0.38826
published_at 2026-04-07T12:55:00Z
4
value 0.00174
scoring_system epss
scoring_elements 0.38879
published_at 2026-04-08T12:55:00Z
5
value 0.00174
scoring_system epss
scoring_elements 0.38891
published_at 2026-04-09T12:55:00Z
6
value 0.00174
scoring_system epss
scoring_elements 0.38903
published_at 2026-04-11T12:55:00Z
7
value 0.00174
scoring_system epss
scoring_elements 0.38866
published_at 2026-04-12T12:55:00Z
8
value 0.00174
scoring_system epss
scoring_elements 0.38838
published_at 2026-04-13T12:55:00Z
9
value 0.00174
scoring_system epss
scoring_elements 0.38884
published_at 2026-04-16T12:55:00Z
10
value 0.00174
scoring_system epss
scoring_elements 0.38862
published_at 2026-04-18T12:55:00Z
11
value 0.00174
scoring_system epss
scoring_elements 0.38782
published_at 2026-04-21T12:55:00Z
12
value 0.00174
scoring_system epss
scoring_elements 0.38617
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1954
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-1954
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yvfx-ajfd-huaz
324
url VCID-yx48-ptwa-ukhh
vulnerability_id VCID-yx48-ptwa-ukhh
summary Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22230
reference_id
reference_type
scores
0
value 0.00196
scoring_system epss
scoring_elements 0.41401
published_at 2026-04-24T12:55:00Z
1
value 0.00196
scoring_system epss
scoring_elements 0.41486
published_at 2026-04-01T12:55:00Z
2
value 0.00196
scoring_system epss
scoring_elements 0.41576
published_at 2026-04-02T12:55:00Z
3
value 0.00196
scoring_system epss
scoring_elements 0.41604
published_at 2026-04-04T12:55:00Z
4
value 0.00196
scoring_system epss
scoring_elements 0.41531
published_at 2026-04-07T12:55:00Z
5
value 0.00196
scoring_system epss
scoring_elements 0.41581
published_at 2026-04-08T12:55:00Z
6
value 0.00196
scoring_system epss
scoring_elements 0.4159
published_at 2026-04-09T12:55:00Z
7
value 0.00196
scoring_system epss
scoring_elements 0.41611
published_at 2026-04-11T12:55:00Z
8
value 0.00196
scoring_system epss
scoring_elements 0.41578
published_at 2026-04-12T12:55:00Z
9
value 0.00196
scoring_system epss
scoring_elements 0.41564
published_at 2026-04-13T12:55:00Z
10
value 0.00196
scoring_system epss
scoring_elements 0.4161
published_at 2026-04-16T12:55:00Z
11
value 0.00196
scoring_system epss
scoring_elements 0.41585
published_at 2026-04-18T12:55:00Z
12
value 0.00196
scoring_system epss
scoring_elements 0.41509
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22230
1
reference_url https://security.archlinux.org/ASA-202107-18
reference_id ASA-202107-18
reference_type
scores
url https://security.archlinux.org/ASA-202107-18
2
reference_url https://security.archlinux.org/AVG-2125
reference_id AVG-2125
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2125
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22230
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yx48-ptwa-ukhh
325
url VCID-yzes-ta7y-k3af
vulnerability_id VCID-yzes-ta7y-k3af
summary An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0485
reference_id
reference_type
scores
0
value 0.00418
scoring_system epss
scoring_elements 0.61811
published_at 2026-04-24T12:55:00Z
1
value 0.00418
scoring_system epss
scoring_elements 0.61781
published_at 2026-04-08T12:55:00Z
2
value 0.00418
scoring_system epss
scoring_elements 0.61796
published_at 2026-04-09T12:55:00Z
3
value 0.00418
scoring_system epss
scoring_elements 0.61817
published_at 2026-04-11T12:55:00Z
4
value 0.00418
scoring_system epss
scoring_elements 0.61805
published_at 2026-04-12T12:55:00Z
5
value 0.00418
scoring_system epss
scoring_elements 0.61785
published_at 2026-04-13T12:55:00Z
6
value 0.00418
scoring_system epss
scoring_elements 0.61828
published_at 2026-04-16T12:55:00Z
7
value 0.00418
scoring_system epss
scoring_elements 0.61833
published_at 2026-04-18T12:55:00Z
8
value 0.00418
scoring_system epss
scoring_elements 0.61816
published_at 2026-04-21T12:55:00Z
9
value 0.00418
scoring_system epss
scoring_elements 0.61732
published_at 2026-04-07T12:55:00Z
10
value 0.00517
scoring_system epss
scoring_elements 0.66679
published_at 2026-04-04T12:55:00Z
11
value 0.00517
scoring_system epss
scoring_elements 0.66653
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0485
1
reference_url https://hackerone.com/reports/1837937
reference_id 1837937
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:36:43Z/
url https://hackerone.com/reports/1837937
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/389191
reference_id 389191
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:36:43Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/389191
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0485.json
reference_id CVE-2023-0485.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:36:43Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0485.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0485
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yzes-ta7y-k3af
326
url VCID-z4ez-3sgx-ybb8
vulnerability_id VCID-z4ez-3sgx-ybb8
summary It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39890
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.1861
published_at 2026-04-24T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18788
published_at 2026-04-01T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.18926
published_at 2026-04-02T12:55:00Z
3
value 0.0006
scoring_system epss
scoring_elements 0.18979
published_at 2026-04-04T12:55:00Z
4
value 0.0006
scoring_system epss
scoring_elements 0.18702
published_at 2026-04-07T12:55:00Z
5
value 0.0006
scoring_system epss
scoring_elements 0.18782
published_at 2026-04-08T12:55:00Z
6
value 0.0006
scoring_system epss
scoring_elements 0.18836
published_at 2026-04-09T12:55:00Z
7
value 0.0006
scoring_system epss
scoring_elements 0.18841
published_at 2026-04-11T12:55:00Z
8
value 0.0006
scoring_system epss
scoring_elements 0.18795
published_at 2026-04-12T12:55:00Z
9
value 0.0006
scoring_system epss
scoring_elements 0.18743
published_at 2026-04-13T12:55:00Z
10
value 0.0006
scoring_system epss
scoring_elements 0.18692
published_at 2026-04-16T12:55:00Z
11
value 0.0006
scoring_system epss
scoring_elements 0.18704
published_at 2026-04-18T12:55:00Z
12
value 0.0006
scoring_system epss
scoring_elements 0.18723
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39890
1
reference_url https://security.archlinux.org/AVG-2431
reference_id AVG-2431
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2431
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39890
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4ez-3sgx-ybb8
327
url VCID-z4rm-g2fc-c7c7
vulnerability_id VCID-z4rm-g2fc-c7c7
summary An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0450
reference_id
reference_type
scores
0
value 0.01247
scoring_system epss
scoring_elements 0.79359
published_at 2026-04-24T12:55:00Z
1
value 0.01247
scoring_system epss
scoring_elements 0.79296
published_at 2026-04-08T12:55:00Z
2
value 0.01247
scoring_system epss
scoring_elements 0.79306
published_at 2026-04-09T12:55:00Z
3
value 0.01247
scoring_system epss
scoring_elements 0.7933
published_at 2026-04-11T12:55:00Z
4
value 0.01247
scoring_system epss
scoring_elements 0.79314
published_at 2026-04-12T12:55:00Z
5
value 0.01247
scoring_system epss
scoring_elements 0.79302
published_at 2026-04-13T12:55:00Z
6
value 0.01247
scoring_system epss
scoring_elements 0.79329
published_at 2026-04-16T12:55:00Z
7
value 0.01247
scoring_system epss
scoring_elements 0.79326
published_at 2026-04-18T12:55:00Z
8
value 0.01247
scoring_system epss
scoring_elements 0.79327
published_at 2026-04-21T12:55:00Z
9
value 0.01247
scoring_system epss
scoring_elements 0.7927
published_at 2026-04-07T12:55:00Z
10
value 0.01345
scoring_system epss
scoring_elements 0.80033
published_at 2026-04-04T12:55:00Z
11
value 0.01785
scoring_system epss
scoring_elements 0.82679
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0450
1
reference_url https://hackerone.com/reports/1831547
reference_id 1831547
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:29:20Z/
url https://hackerone.com/reports/1831547
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/388962
reference_id 388962
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:29:20Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/388962
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0450.json
reference_id CVE-2023-0450.json
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:29:20Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0450.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2023-0450
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4rm-g2fc-c7c7
328
url VCID-z4xw-vzn9-h3gd
vulnerability_id VCID-z4xw-vzn9-h3gd
summary An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when an attacker has a fork of a project that was switched to private.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3375
reference_id
reference_type
scores
0
value 0.00455
scoring_system epss
scoring_elements 0.63891
published_at 2026-04-24T12:55:00Z
1
value 0.00455
scoring_system epss
scoring_elements 0.63806
published_at 2026-04-07T12:55:00Z
2
value 0.00455
scoring_system epss
scoring_elements 0.63857
published_at 2026-04-08T12:55:00Z
3
value 0.00455
scoring_system epss
scoring_elements 0.63874
published_at 2026-04-12T12:55:00Z
4
value 0.00455
scoring_system epss
scoring_elements 0.63888
published_at 2026-04-11T12:55:00Z
5
value 0.00455
scoring_system epss
scoring_elements 0.63841
published_at 2026-04-13T12:55:00Z
6
value 0.00455
scoring_system epss
scoring_elements 0.63876
published_at 2026-04-16T12:55:00Z
7
value 0.00455
scoring_system epss
scoring_elements 0.63885
published_at 2026-04-18T12:55:00Z
8
value 0.00455
scoring_system epss
scoring_elements 0.63875
published_at 2026-04-21T12:55:00Z
9
value 0.0069
scoring_system epss
scoring_elements 0.71763
published_at 2026-04-04T12:55:00Z
10
value 0.0069
scoring_system epss
scoring_elements 0.71744
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3375
1
reference_url https://hackerone.com/reports/1710533
reference_id 1710533
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:10:57Z/
url https://hackerone.com/reports/1710533
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/376041
reference_id 376041
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:10:57Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/376041
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json
reference_id CVE-2022-3375.json
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:10:57Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3375
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4xw-vzn9-h3gd
329
url VCID-z8r2-3th4-uuag
vulnerability_id VCID-z8r2-3th4-uuag
summary Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39946
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.40078
published_at 2026-04-01T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40227
published_at 2026-04-02T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40251
published_at 2026-04-04T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40174
published_at 2026-04-07T12:55:00Z
4
value 0.00185
scoring_system epss
scoring_elements 0.40226
published_at 2026-04-08T12:55:00Z
5
value 0.00185
scoring_system epss
scoring_elements 0.40238
published_at 2026-04-09T12:55:00Z
6
value 0.00185
scoring_system epss
scoring_elements 0.40249
published_at 2026-04-11T12:55:00Z
7
value 0.00185
scoring_system epss
scoring_elements 0.40211
published_at 2026-04-18T12:55:00Z
8
value 0.00185
scoring_system epss
scoring_elements 0.40192
published_at 2026-04-13T12:55:00Z
9
value 0.00185
scoring_system epss
scoring_elements 0.40241
published_at 2026-04-16T12:55:00Z
10
value 0.00185
scoring_system epss
scoring_elements 0.40134
published_at 2026-04-21T12:55:00Z
11
value 0.00185
scoring_system epss
scoring_elements 0.39961
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39946
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39946
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z8r2-3th4-uuag
330
url VCID-zata-vtf8-u7ag
vulnerability_id VCID-zata-vtf8-u7ag
summary Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22250
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48538
published_at 2026-04-01T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48574
published_at 2026-04-02T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.48597
published_at 2026-04-04T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.48549
published_at 2026-04-07T12:55:00Z
4
value 0.00253
scoring_system epss
scoring_elements 0.48603
published_at 2026-04-08T12:55:00Z
5
value 0.00253
scoring_system epss
scoring_elements 0.48599
published_at 2026-04-09T12:55:00Z
6
value 0.00253
scoring_system epss
scoring_elements 0.4862
published_at 2026-04-11T12:55:00Z
7
value 0.00253
scoring_system epss
scoring_elements 0.48593
published_at 2026-04-24T12:55:00Z
8
value 0.00253
scoring_system epss
scoring_elements 0.48606
published_at 2026-04-13T12:55:00Z
9
value 0.00253
scoring_system epss
scoring_elements 0.48656
published_at 2026-04-16T12:55:00Z
10
value 0.00253
scoring_system epss
scoring_elements 0.48651
published_at 2026-04-18T12:55:00Z
11
value 0.00253
scoring_system epss
scoring_elements 0.48608
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22250
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-22250
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zata-vtf8-u7ag
331
url VCID-zfw8-fmpe-bfar
vulnerability_id VCID-zfw8-fmpe-bfar
summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3759
reference_id
reference_type
scores
0
value 0.01834
scoring_system epss
scoring_elements 0.82984
published_at 2026-04-24T12:55:00Z
1
value 0.01834
scoring_system epss
scoring_elements 0.82926
published_at 2026-04-12T12:55:00Z
2
value 0.01834
scoring_system epss
scoring_elements 0.82922
published_at 2026-04-13T12:55:00Z
3
value 0.01834
scoring_system epss
scoring_elements 0.82961
published_at 2026-04-16T12:55:00Z
4
value 0.01834
scoring_system epss
scoring_elements 0.8296
published_at 2026-04-18T12:55:00Z
5
value 0.01834
scoring_system epss
scoring_elements 0.82964
published_at 2026-04-21T12:55:00Z
6
value 0.01834
scoring_system epss
scoring_elements 0.82873
published_at 2026-04-02T12:55:00Z
7
value 0.01834
scoring_system epss
scoring_elements 0.82886
published_at 2026-04-04T12:55:00Z
8
value 0.01834
scoring_system epss
scoring_elements 0.82882
published_at 2026-04-07T12:55:00Z
9
value 0.01834
scoring_system epss
scoring_elements 0.82908
published_at 2026-04-08T12:55:00Z
10
value 0.01834
scoring_system epss
scoring_elements 0.82915
published_at 2026-04-09T12:55:00Z
11
value 0.01834
scoring_system epss
scoring_elements 0.82931
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3759
1
reference_url https://hackerone.com/reports/1736230
reference_id 1736230
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:38:20Z/
url https://hackerone.com/reports/1736230
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/379633
reference_id 379633
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:38:20Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/379633
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3759.json
reference_id CVE-2022-3759.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:38:20Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3759.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3759
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zfw8-fmpe-bfar
332
url VCID-zmhb-purs-aqa1
vulnerability_id VCID-zmhb-purs-aqa1
summary A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2992
reference_id
reference_type
scores
0
value 0.93693
scoring_system epss
scoring_elements 0.99846
published_at 2026-04-02T12:55:00Z
1
value 0.93693
scoring_system epss
scoring_elements 0.99848
published_at 2026-04-11T12:55:00Z
2
value 0.93693
scoring_system epss
scoring_elements 0.99847
published_at 2026-04-07T12:55:00Z
3
value 0.93712
scoring_system epss
scoring_elements 0.99851
published_at 2026-04-24T12:55:00Z
4
value 0.93712
scoring_system epss
scoring_elements 0.9985
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2992
1
reference_url https://hackerone.com/reports/1679624
reference_id 1679624
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:27:07Z/
url https://hackerone.com/reports/1679624
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/371884
reference_id 371884
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:27:07Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/371884
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2992.json
reference_id CVE-2022-2992.json
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:27:07Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2992.json
4
reference_url http://packetstormsecurity.com/files/171008/GitLab-GitHub-Repo-Import-Deserialization-Remote-Code-Execution.html
reference_id GitLab-GitHub-Repo-Import-Deserialization-Remote-Code-Execution.html
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:27:07Z/
url http://packetstormsecurity.com/files/171008/GitLab-GitHub-Repo-Import-Deserialization-Remote-Code-Execution.html
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-2992
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zmhb-purs-aqa1
333
url VCID-zu24-pru5-9qba
vulnerability_id VCID-zu24-pru5-9qba
summary A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3411
reference_id
reference_type
scores
0
value 0.02709
scoring_system epss
scoring_elements 0.85935
published_at 2026-04-24T12:55:00Z
1
value 0.02709
scoring_system epss
scoring_elements 0.85906
published_at 2026-04-12T12:55:00Z
2
value 0.02709
scoring_system epss
scoring_elements 0.85901
published_at 2026-04-13T12:55:00Z
3
value 0.02709
scoring_system epss
scoring_elements 0.85919
published_at 2026-04-16T12:55:00Z
4
value 0.02709
scoring_system epss
scoring_elements 0.85923
published_at 2026-04-18T12:55:00Z
5
value 0.02709
scoring_system epss
scoring_elements 0.85915
published_at 2026-04-21T12:55:00Z
6
value 0.02709
scoring_system epss
scoring_elements 0.85845
published_at 2026-04-02T12:55:00Z
7
value 0.02709
scoring_system epss
scoring_elements 0.85862
published_at 2026-04-04T12:55:00Z
8
value 0.02709
scoring_system epss
scoring_elements 0.85866
published_at 2026-04-07T12:55:00Z
9
value 0.02709
scoring_system epss
scoring_elements 0.85884
published_at 2026-04-08T12:55:00Z
10
value 0.02709
scoring_system epss
scoring_elements 0.85894
published_at 2026-04-09T12:55:00Z
11
value 0.02709
scoring_system epss
scoring_elements 0.85909
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3411
1
reference_url https://hackerone.com/reports/1685995
reference_id 1685995
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:39:12Z/
url https://hackerone.com/reports/1685995
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/376247
reference_id 376247
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:39:12Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/376247
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3411.json
reference_id CVE-2022-3411.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:39:12Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3411.json
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2022-3411
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zu24-pru5-9qba
334
url VCID-zy36-rb3k-y7eg
vulnerability_id VCID-zy36-rb3k-y7eg
summary An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39904
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.31007
published_at 2026-04-24T12:55:00Z
1
value 0.00121
scoring_system epss
scoring_elements 0.31194
published_at 2026-04-01T12:55:00Z
2
value 0.00121
scoring_system epss
scoring_elements 0.31321
published_at 2026-04-02T12:55:00Z
3
value 0.00121
scoring_system epss
scoring_elements 0.31363
published_at 2026-04-04T12:55:00Z
4
value 0.00121
scoring_system epss
scoring_elements 0.31182
published_at 2026-04-13T12:55:00Z
5
value 0.00121
scoring_system epss
scoring_elements 0.31235
published_at 2026-04-08T12:55:00Z
6
value 0.00121
scoring_system epss
scoring_elements 0.31266
published_at 2026-04-09T12:55:00Z
7
value 0.00121
scoring_system epss
scoring_elements 0.3127
published_at 2026-04-11T12:55:00Z
8
value 0.00121
scoring_system epss
scoring_elements 0.31226
published_at 2026-04-12T12:55:00Z
9
value 0.00121
scoring_system epss
scoring_elements 0.31215
published_at 2026-04-16T12:55:00Z
10
value 0.00121
scoring_system epss
scoring_elements 0.31197
published_at 2026-04-18T12:55:00Z
11
value 0.00121
scoring_system epss
scoring_elements 0.31166
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39904
1
reference_url https://security.archlinux.org/AVG-2503
reference_id AVG-2503
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2503
fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
aliases CVE-2021-39904
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zy36-rb3k-y7eg
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid