{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","type":"alpm","namespace":"archlinux","name":"gitlab","version":"13.6.2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"13.7.2-1","latest_non_vulnerable_version":"15.2.1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224029?format=json","vulnerability_id":"VCID-4vm6-67ra-6fct","summary":"Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26416","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1281","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12921","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13012","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13063","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12862","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1294","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12991","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12951","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12916","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12871","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12773","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12777","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12875","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12896","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12861","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12753","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12662","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26416"},{"reference_url":"https://security.archlinux.org/AVG-1347","reference_id":"AVG-1347","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1347"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}],"aliases":["CVE-2020-26416"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vm6-67ra-6fct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224024?format=json","vulnerability_id":"VCID-82a8-grn5-eqdj","summary":"Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26412","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32067","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32511","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32655","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32691","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32513","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32561","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32587","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32589","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32551","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32523","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.3256","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32538","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32506","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32341","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32225","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32141","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32001","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26412"},{"reference_url":"https://security.archlinux.org/AVG-1347","reference_id":"AVG-1347","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1347"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}],"aliases":["CVE-2020-26412"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82a8-grn5-eqdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224030?format=json","vulnerability_id":"VCID-9bqx-bjky-zqen","summary":"Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26417","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41303","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41528","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41617","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41646","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41623","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41632","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41656","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41609","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41629","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41554","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41447","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41443","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41366","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41232","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26417"},{"reference_url":"https://security.archlinux.org/AVG-1333","reference_id":"AVG-1333","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}],"aliases":["CVE-2020-26417"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bqx-bjky-zqen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/216248?format=json","vulnerability_id":"VCID-bjxw-yvhv-u7b8","summary":"An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13357","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34921","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35217","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35417","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35441","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3537","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35396","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35398","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35361","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35339","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35379","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35367","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35315","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35081","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3506","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3497","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34849","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13357"},{"reference_url":"https://security.archlinux.org/AVG-1333","reference_id":"AVG-1333","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}],"aliases":["CVE-2020-13357"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bjxw-yvhv-u7b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224018?format=json","vulnerability_id":"VCID-cj92-8xpy-mqdw","summary":"A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26407","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35128","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35418","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35618","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35643","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35525","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35538","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35577","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35567","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35516","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35278","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35257","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35179","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35058","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26407"},{"reference_url":"https://security.archlinux.org/AVG-1333","reference_id":"AVG-1333","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}],"aliases":["CVE-2020-26407"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cj92-8xpy-mqdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224020?format=json","vulnerability_id":"VCID-m2hg-kn7f-fygz","summary":"A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26408","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3036","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30826","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30954","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.31002","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30818","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30877","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30907","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30867","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30822","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30853","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30833","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30797","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30631","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30515","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30431","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30289","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26408"},{"reference_url":"https://security.archlinux.org/AVG-1333","reference_id":"AVG-1333","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}],"aliases":["CVE-2020-26408"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2hg-kn7f-fygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224022?format=json","vulnerability_id":"VCID-mz6d-zyzb-a3h6","summary":"A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26411","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26458","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26828","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26871","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26911","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26697","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26765","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26815","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26818","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26773","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26717","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26724","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26696","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2666","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26602","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26593","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26521","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26389","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26411"},{"reference_url":"https://security.archlinux.org/AVG-1333","reference_id":"AVG-1333","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}],"aliases":["CVE-2020-26411"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mz6d-zyzb-a3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224021?format=json","vulnerability_id":"VCID-pg7c-w5h8-2fbk","summary":"A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26409","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37668","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37989","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3817","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38193","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38063","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38113","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3814","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38103","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38079","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38125","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38105","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38041","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37803","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37708","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37599","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26409"},{"reference_url":"https://security.archlinux.org/AVG-1333","reference_id":"AVG-1333","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}],"aliases":["CVE-2020-26409"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pg7c-w5h8-2fbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224025?format=json","vulnerability_id":"VCID-rafm-7u81-2qhy","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26413","reference_id":"","reference_type":"","scores":[{"value":"0.82145","scoring_system":"epss","scoring_elements":"0.99224","published_at":"2026-05-07T12:55:00Z"},{"value":"0.82145","scoring_system":"epss","scoring_elements":"0.99216","published_at":"2026-04-21T12:55:00Z"},{"value":"0.82145","scoring_system":"epss","scoring_elements":"0.99218","published_at":"2026-04-24T12:55:00Z"},{"value":"0.82145","scoring_system":"epss","scoring_elements":"0.99219","published_at":"2026-04-26T12:55:00Z"},{"value":"0.82145","scoring_system":"epss","scoring_elements":"0.9922","published_at":"2026-04-29T12:55:00Z"},{"value":"0.82145","scoring_system":"epss","scoring_elements":"0.99223","published_at":"2026-05-05T12:55:00Z"},{"value":"0.82145","scoring_system":"epss","scoring_elements":"0.99215","published_at":"2026-04-12T12:55:00Z"},{"value":"0.82145","scoring_system":"epss","scoring_elements":"0.99213","published_at":"2026-04-13T12:55:00Z"},{"value":"0.82145","scoring_system":"epss","scoring_elements":"0.99214","published_at":"2026-04-16T12:55:00Z"},{"value":"0.85659","scoring_system":"epss","scoring_elements":"0.99374","published_at":"2026-04-11T12:55:00Z"},{"value":"0.88741","scoring_system":"epss","scoring_elements":"0.99509","published_at":"2026-04-07T12:55:00Z"},{"value":"0.88741","scoring_system":"epss","scoring_elements":"0.99511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.88741","scoring_system":"epss","scoring_elements":"0.99507","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26413"},{"reference_url":"https://security.archlinux.org/AVG-1333","reference_id":"AVG-1333","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}],"aliases":["CVE-2020-26413"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rafm-7u81-2qhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224028?format=json","vulnerability_id":"VCID-uux8-mqnn-dye4","summary":"Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26415","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36555","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36933","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37103","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37136","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36964","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37015","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37028","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37038","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37003","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37022","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37005","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36945","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.3672","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36688","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.366","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36484","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26415"},{"reference_url":"https://security.archlinux.org/AVG-1333","reference_id":"AVG-1333","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:alpm/archlinux/gitlab@13.6.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}],"aliases":["CVE-2020-26415"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uux8-mqnn-dye4"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.6.2-1"}