{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","type":"alpm","namespace":"archlinux","name":"gitlab","version":"13.12.2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"14.0.0-1","latest_non_vulnerable_version":"15.2.1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240520?format=json","vulnerability_id":"VCID-3gk7-f7rw-s3bt","summary":"An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22220","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35155","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35418","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35618","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35643","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35525","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35538","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35577","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35567","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35516","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35278","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35257","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35179","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35128","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35156","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35062","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35085","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22220"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}],"aliases":["CVE-2021-22220"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gk7-f7rw-s3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240516?format=json","vulnerability_id":"VCID-8ahg-hgub-43b5","summary":"A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22217","reference_id":"","reference_type":"","scores":[{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71765","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71532","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71539","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71557","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.7153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.7157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71581","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71603","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71588","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71569","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71614","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71619","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71599","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71649","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71653","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71658","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71643","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71677","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.7171","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71706","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22217"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}],"aliases":["CVE-2021-22217"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ahg-hgub-43b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240466?format=json","vulnerability_id":"VCID-bakk-7gzs-sfd8","summary":"A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22181","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37918","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38269","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38405","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38292","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38343","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38351","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38368","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38331","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38306","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38332","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38268","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3811","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38086","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37993","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37876","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37943","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37955","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37866","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37842","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22181"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}],"aliases":["CVE-2021-22181"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bakk-7gzs-sfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240517?format=json","vulnerability_id":"VCID-k29f-m5ey-f3d6","summary":"All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22218","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31198","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31672","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31804","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31848","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31668","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31719","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31749","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31752","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31712","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31677","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31709","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31687","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31654","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3135","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31269","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31118","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31187","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31195","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31104","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31128","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22218"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}],"aliases":["CVE-2021-22218"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k29f-m5ey-f3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240513?format=json","vulnerability_id":"VCID-kbpk-h81g-g7dr","summary":"An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22215","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42185","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42371","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42442","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42471","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.4241","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42461","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42468","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.4249","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42453","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42423","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42472","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42447","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42376","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42312","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42308","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42225","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.4208","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42154","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42171","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42086","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42114","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22215"},{"reference_url":"https://security.archlinux.org/AVG-2045","reference_id":"AVG-2045","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2045"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}],"aliases":["CVE-2021-22215"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbpk-h81g-g7dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240518?format=json","vulnerability_id":"VCID-n7d2-p93t-73fg","summary":"All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22219","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4295","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43055","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43141","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4308","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43133","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43166","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43118","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43179","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43168","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43102","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43036","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43038","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42956","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4282","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42897","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42916","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42856","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42885","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22219"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}],"aliases":["CVE-2021-22219"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7d2-p93t-73fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240512?format=json","vulnerability_id":"VCID-n83t-8xmt-q7cs","summary":"When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22214","reference_id":"","reference_type":"","scores":[{"value":"0.92676","scoring_system":"epss","scoring_elements":"0.9975","published_at":"2026-04-21T12:55:00Z"},{"value":"0.92676","scoring_system":"epss","scoring_elements":"0.99755","published_at":"2026-05-05T12:55:00Z"},{"value":"0.92676","scoring_system":"epss","scoring_elements":"0.99754","published_at":"2026-04-29T12:55:00Z"},{"value":"0.92676","scoring_system":"epss","scoring_elements":"0.99753","published_at":"2026-04-26T12:55:00Z"},{"value":"0.92676","scoring_system":"epss","scoring_elements":"0.99752","published_at":"2026-04-24T12:55:00Z"},{"value":"0.93321","scoring_system":"epss","scoring_elements":"0.99816","published_at":"2026-05-14T12:55:00Z"},{"value":"0.93321","scoring_system":"epss","scoring_elements":"0.99815","published_at":"2026-05-12T12:55:00Z"},{"value":"0.93431","scoring_system":"epss","scoring_elements":"0.99817","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93431","scoring_system":"epss","scoring_elements":"0.99816","published_at":"2026-04-09T12:55:00Z"},{"value":"0.93431","scoring_system":"epss","scoring_elements":"0.99815","published_at":"2026-04-04T12:55:00Z"},{"value":"0.9357","scoring_system":"epss","scoring_elements":"0.99833","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22214"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}],"aliases":["CVE-2021-22214"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n83t-8xmt-q7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240511?format=json","vulnerability_id":"VCID-s8ds-5b7r-gfed","summary":"A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22213","reference_id":"","reference_type":"","scores":[{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76643","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76409","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76412","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.7644","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76422","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76454","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76468","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76494","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76472","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76512","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.765","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76534","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.7654","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76553","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76541","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76571","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76589","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76576","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76593","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22213"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}],"aliases":["CVE-2021-22213"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8ds-5b7r-gfed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240521?format=json","vulnerability_id":"VCID-t5qj-bzm5-5qhe","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited access after their password expired","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22221","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40426","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40679","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40763","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4079","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40714","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40764","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40756","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40737","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40781","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40752","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40674","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40578","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40566","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40483","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40338","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40405","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40423","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40326","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40352","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22221"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}],"aliases":["CVE-2021-22221"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5qj-bzm5-5qhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240515?format=json","vulnerability_id":"VCID-y93u-mrdn-abe3","summary":"A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22216","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37932","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3828","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38418","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38442","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38306","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38356","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38364","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38381","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38343","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38318","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38366","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38346","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38281","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38122","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38098","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38005","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37889","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37956","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37969","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3788","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37856","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22216"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372045?format=json","purl":"pkg:alpm/archlinux/gitlab@13.12.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}],"aliases":["CVE-2021-22216"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y93u-mrdn-abe3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.12.2-1"}