Search for packages
| purl | pkg:alpm/archlinux/gitlab@14.1.2-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-dpda-b429-ske5 | Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2 |
CVE-2021-22237
|
| VCID-qs8s-5gm5-m3hy | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name. |
CVE-2021-22241
|
| VCID-tk7s-v2w6-ukhr | An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. |
CVE-2021-22239
|
| VCID-xuub-mcj4-rqhg | Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1. |
CVE-2021-22236
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:25:25.474350+00:00 | Arch Linux Importer | Fixing | VCID-xuub-mcj4-rqhg | https://security.archlinux.org/AVG-2251 | 38.0.0 |
| 2026-04-01T18:25:25.448229+00:00 | Arch Linux Importer | Fixing | VCID-dpda-b429-ske5 | https://security.archlinux.org/AVG-2251 | 38.0.0 |
| 2026-04-01T18:25:25.424356+00:00 | Arch Linux Importer | Fixing | VCID-tk7s-v2w6-ukhr | https://security.archlinux.org/AVG-2251 | 38.0.0 |
| 2026-04-01T18:25:25.399134+00:00 | Arch Linux Importer | Fixing | VCID-qs8s-5gm5-m3hy | https://security.archlinux.org/AVG-2251 | 38.0.0 |