Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/373211?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "type": "alpm", "namespace": "archlinux", "name": "gitlab", "version": "15.2.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266413?format=api", "vulnerability_id": "VCID-1t9u-drzk-5ffz", "summary": "A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48725", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48768", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48794", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48748", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48799", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48816", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4879", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48847", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48843", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48749", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48663", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2500" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2500" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1t9u-drzk-5ffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266411?format=api", "vulnerability_id": "VCID-3szm-mdpf-6ua7", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2534", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4384", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44056", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44079", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4401", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44062", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44064", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44047", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44031", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44092", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44083", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44017", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43968", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43972", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43887", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43765", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2534" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2534" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3szm-mdpf-6ua7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266417?format=api", "vulnerability_id": "VCID-92x8-rmhg-zuh6", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an unverified secondary email.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47728", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47777", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47796", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47745", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.478", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47795", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4782", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47806", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4786", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47853", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47788", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47798", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47662", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2326" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2326" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92x8-rmhg-zuh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266414?format=api", "vulnerability_id": "VCID-9cvy-mzhc-ukhu", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81744", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81577", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81623", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81629", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81649", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81636", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81667", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81666", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.8167", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81693", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81702", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81706", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81723", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2497" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2497" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9cvy-mzhc-ukhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266412?format=api", "vulnerability_id": "VCID-hd2f-p7zx-vqcp", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31046", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31655", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31699", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31517", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3157", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.316", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31605", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31563", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31526", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31559", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31537", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31504", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31331", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31204", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31124", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30976", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2512" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2512" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hd2f-p7zx-vqcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266420?format=api", "vulnerability_id": "VCID-hfyr-23g4-y7e5", "summary": "An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2095", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.69015", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.6885", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68851", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68901", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68919", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68942", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68928", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68899", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68939", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.6895", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68929", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.6898", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68986", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68991", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68971", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2095" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2095" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfyr-23g4-y7e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266410?format=api", "vulnerability_id": "VCID-mbnw-5r9b-mybe", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40503", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40868", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40895", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40822", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40872", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40878", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40894", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.4086", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.4084", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40884", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40854", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40775", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40681", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40669", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40584", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40437", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2539" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2539" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbnw-5r9b-mybe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266418?format=api", "vulnerability_id": "VCID-mrtq-9dj4-a7bf", "summary": "A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24443", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24776", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24814", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24589", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24657", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24718", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24678", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24621", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24623", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24601", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24545", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24532", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24489", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24365", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2307" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2307" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mrtq-9dj4-a7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266419?format=api", "vulnerability_id": "VCID-tv9d-9wvu-rfdg", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37729", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38229", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38252", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38122", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38172", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.3818", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38163", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38139", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38184", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38166", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38101", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37885", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37862", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37767", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.3766", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2303" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2303" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tv9d-9wvu-rfdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266416?format=api", "vulnerability_id": "VCID-tzw9-uffa-9ycy", "summary": "Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.34994", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3549", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35515", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35398", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35444", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35478", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35435", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35411", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35452", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3544", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35387", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35153", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35131", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35043", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.34922", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2417" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2417" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzw9-uffa-9ycy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266415?format=api", "vulnerability_id": "VCID-wyff-62y3-9qdq", "summary": "An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.42911", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.4313", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43157", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43096", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43149", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43161", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43134", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43193", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43183", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43051", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43053", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.4297", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.42835", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2456" }, { "reference_url": "https://security.archlinux.org/AVG-2785", "reference_id": "AVG-2785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373211?format=api", "purl": "pkg:alpm/archlinux/gitlab@15.2.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" } ], "aliases": [ "CVE-2022-2456" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wyff-62y3-9qdq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1" }