VulnerableCode Package Details - pkg:alpm/archlinux/gitlab@13.11.3-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/gitlab@13.11.3-1

Essentials
History (10)

purl	pkg:alpm/archlinux/gitlab@13.11.3-1

Next non-vulnerable version	13.12.2-1
Latest non-vulnerable version	15.2.1-1
Risk	10.0

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-3gk7-f7rw-s3bt Aliases: CVE-2021-22220	An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.	13.12.2-1 Affected by 0 other vulnerabilities.
VCID-8ahg-hgub-43b5 Aliases: CVE-2021-22217	A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request	13.12.2-1 Affected by 0 other vulnerabilities.
VCID-bakk-7gzs-sfd8 Aliases: CVE-2021-22181	A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.	13.12.2-1 Affected by 0 other vulnerabilities.
VCID-k29f-m5ey-f3d6 Aliases: CVE-2021-22218	All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.	13.12.2-1 Affected by 0 other vulnerabilities.
VCID-kbpk-h81g-g7dr Aliases: CVE-2021-22215	An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects	13.12.2-1 Affected by 0 other vulnerabilities.
VCID-n7d2-p93t-73fg Aliases: CVE-2021-22219	All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.	13.12.2-1 Affected by 0 other vulnerabilities.
VCID-n83t-8xmt-q7cs Aliases: CVE-2021-22214	When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited	13.12.2-1 Affected by 0 other vulnerabilities.
VCID-s8ds-5b7r-gfed Aliases: CVE-2021-22213	A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari	13.12.2-1 Affected by 0 other vulnerabilities.
VCID-t5qj-bzm5-5qhe Aliases: CVE-2021-22221	An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited access after their password expired	13.12.2-1 Affected by 0 other vulnerabilities.
VCID-y93u-mrdn-abe3 Aliases: CVE-2021-22216	A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description	13.12.2-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:25:31.326711+00:00	Arch Linux Importer	Affected by	VCID-bakk-7gzs-sfd8	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.303841+00:00	Arch Linux Importer	Affected by	VCID-s8ds-5b7r-gfed	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.280373+00:00	Arch Linux Importer	Affected by	VCID-n83t-8xmt-q7cs	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.254770+00:00	Arch Linux Importer	Affected by	VCID-y93u-mrdn-abe3	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.230819+00:00	Arch Linux Importer	Affected by	VCID-8ahg-hgub-43b5	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.207556+00:00	Arch Linux Importer	Affected by	VCID-k29f-m5ey-f3d6	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.185482+00:00	Arch Linux Importer	Affected by	VCID-n7d2-p93t-73fg	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.163338+00:00	Arch Linux Importer	Affected by	VCID-3gk7-f7rw-s3bt	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.139168+00:00	Arch Linux Importer	Affected by	VCID-t5qj-bzm5-5qhe	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.112171+00:00	Arch Linux Importer	Affected by	VCID-kbpk-h81g-g7dr	https://security.archlinux.org/AVG-2045	38.0.0