{"url":"http://public2.vulnerablecode.io/api/packages/371976?format=json","purl":"pkg:alpm/archlinux/gitlab@14.1.2-1","type":"alpm","namespace":"archlinux","name":"gitlab","version":"14.1.2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"14.2.2-1","latest_non_vulnerable_version":"15.2.1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240542?format=json","vulnerability_id":"VCID-dpda-b429-ske5","summary":"Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22237","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38625","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38857","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39009","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3894","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38993","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39019","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38983","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38956","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39003","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.389","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38737","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38713","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22237"},{"reference_url":"https://security.archlinux.org/ASA-202108-7","reference_id":"ASA-202108-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-7"},{"reference_url":"https://security.archlinux.org/AVG-2251","reference_id":"AVG-2251","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371976?format=json","purl":"pkg:alpm/archlinux/gitlab@14.1.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.1.2-1"}],"aliases":["CVE-2021-22237"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpda-b429-ske5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240548?format=json","vulnerability_id":"VCID-qs8s-5gm5-m3hy","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22241","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40741","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40933","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41015","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41046","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40972","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41021","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41029","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41012","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41038","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41008","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40931","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40837","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40824","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22241"},{"reference_url":"https://security.archlinux.org/ASA-202108-7","reference_id":"ASA-202108-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-7"},{"reference_url":"https://security.archlinux.org/AVG-2251","reference_id":"AVG-2251","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371976?format=json","purl":"pkg:alpm/archlinux/gitlab@14.1.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.1.2-1"}],"aliases":["CVE-2021-22241"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qs8s-5gm5-m3hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240545?format=json","vulnerability_id":"VCID-tk7s-v2w6-ukhr","summary":"An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22239","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37126","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37411","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37577","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37601","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37529","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37542","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37556","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37521","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37523","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37218","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22239"},{"reference_url":"https://security.archlinux.org/ASA-202108-7","reference_id":"ASA-202108-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-7"},{"reference_url":"https://security.archlinux.org/AVG-2251","reference_id":"AVG-2251","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371976?format=json","purl":"pkg:alpm/archlinux/gitlab@14.1.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.1.2-1"}],"aliases":["CVE-2021-22239"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tk7s-v2w6-ukhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240541?format=json","vulnerability_id":"VCID-xuub-mcj4-rqhg","summary":"Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22236","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45095","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45147","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45228","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45249","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45248","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45247","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45269","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45237","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45239","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4529","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45285","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45235","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45146","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45154","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22236"},{"reference_url":"https://security.archlinux.org/ASA-202108-7","reference_id":"ASA-202108-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-7"},{"reference_url":"https://security.archlinux.org/AVG-2251","reference_id":"AVG-2251","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371976?format=json","purl":"pkg:alpm/archlinux/gitlab@14.1.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.1.2-1"}],"aliases":["CVE-2021-22236"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xuub-mcj4-rqhg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.1.2-1"}