Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/372044?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/372044?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.11.3-1", "type": "alpm", "namespace": "archlinux", "name": "gitlab", "version": "13.11.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "13.12.2-1", "latest_non_vulnerable_version": "15.2.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240520?format=api", "vulnerability_id": "VCID-3gk7-f7rw-s3bt", "summary": "An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35156", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35418", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35618", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35643", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35525", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35605", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35561", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35538", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35577", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35567", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35516", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35278", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35257", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35179", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35058", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35128", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22220" }, { "reference_url": "https://security.archlinux.org/ASA-202106-21", "reference_id": "ASA-202106-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-21" }, { "reference_url": "https://security.archlinux.org/AVG-2023", "reference_id": "AVG-2023", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372045?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.12.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1" } ], "aliases": [ "CVE-2021-22220" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gk7-f7rw-s3bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240516?format=api", "vulnerability_id": "VCID-8ahg-hgub-43b5", "summary": "A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.7171", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71532", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71539", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71557", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.7153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.7157", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71581", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71603", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71588", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71569", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71614", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71619", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71599", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71649", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71653", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71658", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71643", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71677", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22217" }, { "reference_url": "https://security.archlinux.org/ASA-202106-21", "reference_id": "ASA-202106-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-21" }, { "reference_url": "https://security.archlinux.org/AVG-2023", "reference_id": "AVG-2023", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372045?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.12.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1" } ], "aliases": [ "CVE-2021-22217" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ahg-hgub-43b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240466?format=api", "vulnerability_id": "VCID-bakk-7gzs-sfd8", "summary": "A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37955", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38269", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38405", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38428", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38292", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38343", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38351", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38368", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38331", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38306", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38354", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38332", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38268", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3811", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38086", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37993", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37876", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37943", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22181" }, { "reference_url": "https://security.archlinux.org/ASA-202106-21", "reference_id": "ASA-202106-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-21" }, { "reference_url": "https://security.archlinux.org/AVG-2023", "reference_id": "AVG-2023", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372045?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.12.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1" } ], "aliases": [ "CVE-2021-22181" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bakk-7gzs-sfd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240517?format=api", "vulnerability_id": "VCID-k29f-m5ey-f3d6", "summary": "All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31195", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31672", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31804", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31848", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31668", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31719", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31749", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31752", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31712", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31677", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31709", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31687", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31654", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31477", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.3135", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31269", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31118", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31187", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22218" }, { "reference_url": "https://security.archlinux.org/ASA-202106-21", "reference_id": "ASA-202106-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-21" }, { "reference_url": "https://security.archlinux.org/AVG-2023", "reference_id": "AVG-2023", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372045?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.12.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1" } ], "aliases": [ "CVE-2021-22218" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k29f-m5ey-f3d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240513?format=api", "vulnerability_id": "VCID-kbpk-h81g-g7dr", "summary": "An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42171", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42371", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42442", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.4241", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42461", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.4249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42453", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42423", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42472", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42447", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42376", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42312", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42308", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42225", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.4208", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42154", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22215" }, { "reference_url": "https://security.archlinux.org/AVG-2045", "reference_id": "AVG-2045", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2045" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372045?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.12.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1" } ], "aliases": [ "CVE-2021-22215" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbpk-h81g-g7dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240518?format=api", "vulnerability_id": "VCID-n7d2-p93t-73fg", "summary": "All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.42916", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43055", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43113", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43141", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.4308", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43133", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43166", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43118", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43179", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43168", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43102", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43036", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43038", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.42956", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.4282", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.42897", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22219" }, { "reference_url": "https://security.archlinux.org/ASA-202106-21", "reference_id": "ASA-202106-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-21" }, { "reference_url": "https://security.archlinux.org/AVG-2023", "reference_id": "AVG-2023", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372045?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.12.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1" } ], "aliases": [ "CVE-2021-22219" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7d2-p93t-73fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240512?format=api", "vulnerability_id": "VCID-n83t-8xmt-q7cs", "summary": "When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92676", "scoring_system": "epss", "scoring_elements": "0.9975", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.92676", "scoring_system": "epss", "scoring_elements": "0.99755", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.92676", "scoring_system": "epss", "scoring_elements": "0.99754", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.92676", "scoring_system": "epss", "scoring_elements": "0.99753", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.92676", "scoring_system": "epss", "scoring_elements": "0.99752", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.93321", "scoring_system": "epss", "scoring_elements": "0.99815", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.93431", "scoring_system": "epss", "scoring_elements": "0.99817", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.93431", "scoring_system": "epss", "scoring_elements": "0.99816", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.93431", "scoring_system": "epss", "scoring_elements": "0.99815", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.9357", "scoring_system": "epss", "scoring_elements": "0.99833", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22214" }, { "reference_url": "https://security.archlinux.org/ASA-202106-21", "reference_id": "ASA-202106-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-21" }, { "reference_url": "https://security.archlinux.org/AVG-2023", "reference_id": "AVG-2023", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372045?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.12.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1" } ], "aliases": [ "CVE-2021-22214" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n83t-8xmt-q7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240511?format=api", "vulnerability_id": "VCID-s8ds-5b7r-gfed", "summary": "A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76589", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76409", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76412", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.7644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76422", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76454", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76468", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76494", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76472", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76508", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76512", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.765", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76534", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.7654", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76553", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76541", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76571", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22213" }, { "reference_url": "https://security.archlinux.org/ASA-202106-21", "reference_id": "ASA-202106-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-21" }, { "reference_url": "https://security.archlinux.org/AVG-2023", "reference_id": "AVG-2023", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372045?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.12.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1" } ], "aliases": [ "CVE-2021-22213" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8ds-5b7r-gfed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240521?format=api", "vulnerability_id": "VCID-t5qj-bzm5-5qhe", "summary": "An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited access after their password expired", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40423", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40679", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40763", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.4079", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40714", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40764", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40771", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40756", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40737", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40781", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40752", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40674", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40578", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40566", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40483", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40338", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40405", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22221" }, { "reference_url": "https://security.archlinux.org/ASA-202106-21", "reference_id": "ASA-202106-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-21" }, { "reference_url": "https://security.archlinux.org/AVG-2023", "reference_id": "AVG-2023", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372045?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.12.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1" } ], "aliases": [ "CVE-2021-22221" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5qj-bzm5-5qhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240515?format=api", "vulnerability_id": "VCID-y93u-mrdn-abe3", "summary": "A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37969", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3828", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38418", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38442", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38306", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38356", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38364", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38381", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38343", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38318", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38366", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38346", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38281", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38122", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38098", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38005", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37889", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37956", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22216" }, { "reference_url": "https://security.archlinux.org/ASA-202106-21", "reference_id": "ASA-202106-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-21" }, { "reference_url": "https://security.archlinux.org/AVG-2023", "reference_id": "AVG-2023", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372045?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.12.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1" } ], "aliases": [ "CVE-2021-22216" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y93u-mrdn-abe3" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.11.3-1" }