| purl | pkg:alpm/archlinux/gitlab@13.10.1-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-21su-ba8v-huay | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | CVE-2021-22202 |
| VCID-2978-z7hp-tked | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. | CVE-2021-22196 |
| VCID-2tqx-h18v-kbcg | An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. | CVE-2021-22198 |
| VCID-396g-fjpn-qucv | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | CVE-2021-22201 |
| VCID-3buj-yj37-mkbs | An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used. | CVE-2021-22199 |
| VCID-gwem-yat3-ebat | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses a MR having source and target branch pointing to each other. | CVE-2021-22197 |
| VCID-k8rh-pg4b-nubu | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. | CVE-2021-22203 |
| VCID-ktef-sqf6-ckfp | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. | CVE-2021-22200 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:24:17.239125+00:00 | Arch Linux Importer | Fixing | VCID-2978-z7hp-tked | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.217767+00:00 | Arch Linux Importer | Fixing | VCID-gwem-yat3-ebat | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.195420+00:00 | Arch Linux Importer | Fixing | VCID-2tqx-h18v-kbcg | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.173665+00:00 | Arch Linux Importer | Fixing | VCID-3buj-yj37-mkbs | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.151748+00:00 | Arch Linux Importer | Fixing | VCID-ktef-sqf6-ckfp | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.130839+00:00 | Arch Linux Importer | Fixing | VCID-396g-fjpn-qucv | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.108557+00:00 | Arch Linux Importer | Fixing | VCID-21su-ba8v-huay | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.086305+00:00 | Arch Linux Importer | Fixing | VCID-k8rh-pg4b-nubu | https://security.archlinux.org/AVG-1770 | 38.0.0 |