| purl | pkg:alpm/archlinux/gitlab@13.9.4-1 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-21su-ba8v-huay<br>Aliases: CVE-2021-22202 | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | Affected by 0 other vulnerabilities. |
| VCID-2978-z7hp-tked<br>Aliases: CVE-2021-22196 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. | Affected by 0 other vulnerabilities. |
| VCID-2tqx-h18v-kbcg<br>Aliases: CVE-2021-22198 | An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. | Affected by 0 other vulnerabilities. |
| VCID-396g-fjpn-qucv<br>Aliases: CVE-2021-22201 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | Affected by 0 other vulnerabilities. |
| VCID-3buj-yj37-mkbs<br>Aliases: CVE-2021-22199 | An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used. | Affected by 0 other vulnerabilities. |
| VCID-gwem-yat3-ebat<br>Aliases: CVE-2021-22197 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR having source and target branch pointing to each other. | Affected by 0 other vulnerabilities. |
| VCID-k8rh-pg4b-nubu<br>Aliases: CVE-2021-22203 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. | Affected by 0 other vulnerabilities. |
| VCID-ktef-sqf6-ckfp<br>Aliases: CVE-2021-22200 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-15mz-35gt-pbaq | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | CVE-2021-22192 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:24:17.343749+00:00 | Arch Linux Importer | Fixing | VCID-15mz-35gt-pbaq | https://security.archlinux.org/AVG-1710 | 38.0.0 |
| 2026-04-01T18:24:17.235335+00:00 | Arch Linux Importer | Affected by | VCID-2978-z7hp-tked | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.214163+00:00 | Arch Linux Importer | Affected by | VCID-gwem-yat3-ebat | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.191798+00:00 | Arch Linux Importer | Affected by | VCID-2tqx-h18v-kbcg | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.170018+00:00 | Arch Linux Importer | Affected by | VCID-3buj-yj37-mkbs | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.148058+00:00 | Arch Linux Importer | Affected by | VCID-ktef-sqf6-ckfp | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.127113+00:00 | Arch Linux Importer | Affected by | VCID-396g-fjpn-qucv | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.104924+00:00 | Arch Linux Importer | Affected by | VCID-21su-ba8v-huay | https://security.archlinux.org/AVG-1770 | 38.0.0 |
| 2026-04-01T18:24:17.081858+00:00 | Arch Linux Importer | Affected by | VCID-k8rh-pg4b-nubu | https://security.archlinux.org/AVG-1770 | 38.0.0 |