{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","type":"deb","namespace":"debian","name":"gitlab","version":"15.10.8+ds1-2","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"15.11.11+ds1-1","latest_non_vulnerable_version":"17.6.5-19","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284870?format=json","vulnerability_id":"VCID-141u-az5k-r3f8","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0508","reference_id":"","reference_type":"","scores":[{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.88414","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.88378","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.88371","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.8837","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.88385","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.88381","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.88398","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.88402","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.88337","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03964","scoring_sy
stem":"epss","scoring_elements":"0.88342","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.88361","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03964","scoring_system":"epss","scoring_elements":"0.88368","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04627","scoring_system":"epss","scoring_elements":"0.89234","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0508"},{"reference_url":"https://hackerone.com/reports/1842314","reference_id":"1842314","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:58:14Z/"}],"url":"https://hackerone.com/reports/1842314"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/389328","reference_id":"389328","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:58:14Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/389328"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0508.json","reference_id":"CVE-2023-0508.json","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:58:14Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0508.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulner
ablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0508"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-141u-az5k-r3f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240482?format=json","vulnerability_id":"VCID-15mz-35gt-pbaq","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22192","reference_id":"","reference_type":"","scores":[{"value":"0.81162","scoring_system":"epss","scoring_elements":"0.99172","published_at":"2026-05-05T12:55:00Z"},{"value":"0.81162","scoring_system":"epss","scoring_elements":"0.99154","published_at":"2026-04-01T12:55:00Z"},{"value":"0.81162","scoring_system":"epss","scoring_elements":"0.99155","published_at":"2026-04-02T12:55:00Z"},{"value":"0.81162","scoring_system":"epss","scoring_elements":"0.99158","published_at":"2026-04-04T12:55:00Z"},{"value":"0.81162","scoring_system":"epss","scoring_elements":"0.99161","published_at":"2026-04-07T12:55:00Z"},{"value":"0.81162","scoring_system":"epss","scoring_elements":"0.99162","published_at":"2026-04-13T12:55:00Z"},{"value":"0.81162","scoring_system":"epss","scoring_elements":"0.99163","published_at":"2026-04-16T12:55:00Z"},{"value":"0.81162","scoring_system":"epss","scoring_elements":"0.99165","published_at":"2026-04-21T12:55:00Z"},{"value":"0.81162","scoring_system":"epss","scoring_elements":"0.99167","published_at":"2026-04-24T12:55:00Z"},{"value":"0.81162",
"scoring_system":"epss","scoring_elements":"0.99168","published_at":"2026-04-26T12:55:00Z"},{"value":"0.81162","scoring_system":"epss","scoring_elements":"0.99169","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22192"},{"reference_url":"https://security.archlinux.org/ASA-202103-13","reference_id":"ASA-202103-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-13"},{"reference_url":"https://security.archlinux.org/AVG-1710","reference_id":"AVG-1710","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1710"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22192"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15mz-35gt-pbaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256788?format=json","vulnerability_id":"VCID-17gb-vdxv-fqc4","summary":"Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be 
accessed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39918","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45083","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4532","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45342","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45285","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4534","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45362","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4533","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45332","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45379","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45329","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45246","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45187","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39918"},{"reference_url":"https://security.archlinux.org/AVG-2604","reference_id":"AVG-2604","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2604"}],"fi
xed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39918"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17gb-vdxv-fqc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279462?format=json","vulnerability_id":"VCID-1bre-tbu7-myhd","summary":"An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. 
It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3902","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44657","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44956","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44906","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44815","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44823","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44765","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44904","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44923","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44864","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44917","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44919","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4494","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44908","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4491","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44962","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3902"},{"reference_url":"ht
tps://hackerone.com/reports/1757999","reference_id":"1757999","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:00:00Z/"}],"url":"https://hackerone.com/reports/1757999"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/381895","reference_id":"381895","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:00:00Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/381895"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json","reference_id":"CVE-2022-3902.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:00:00Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3902"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerable
code.io/vulnerabilities/VCID-1bre-tbu7-myhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273262?format=json","vulnerability_id":"VCID-1bwp-vqnn-2ud2","summary":"An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2250","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50459","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50488","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50441","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50492","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50535","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50512","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50497","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5054","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50545","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50521","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50467","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0027","scoring
_system":"epss","scoring_elements":"0.5043","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50353","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2250"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2250"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bwp-vqnn-2ud2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285703?format=json","vulnerability_id":"VCID-1cxd-7cew-mfhg","summary":"A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1710","reference_id":"","reference_type":"","scores":[{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85965","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.8591","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85908","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.8592","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85925","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85916","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85937","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85946","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85867","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85886","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85896","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02856","scoring_system":"epss","scoring_elements":"0.86201","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02856","scoring_system":"epss","scoring_elements":"0.86188","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1710"},{"reference_url":"https://hackerone.com/reports/1829768","reference_id":"1829768","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system"
:"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:49:20Z/"}],"url":"https://hackerone.com/reports/1829768"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/388242","reference_id":"388242","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:49:20Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/388242"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json","reference_id":"CVE-2023-1710.json","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:49:20Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1710"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cxd-7cew-mfhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256810?format=json","vulnerability_id":"VCID-1f4t-7du8-q3ex","summary":"A vulnerable regular expression pattern in GitLab CE/EE 
since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39938","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33233","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33591","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33923","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33954","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33808","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.3385","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33882","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33881","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33839","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33814","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33853","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33807","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33441","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33423","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scor
ing_elements":"0.33341","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39938"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39938"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1f4t-7du8-q3ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266413?format=json","vulnerability_id":"VCID-1t9u-drzk-5ffz","summary":"A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. 
A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2500","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48663","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48768","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48794","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48748","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48799","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48816","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.4879","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48798","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48847","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48843","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48749","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2500"},{"reference_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debi
an/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2500"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1t9u-drzk-5ffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265332?format=json","vulnerability_id":"VCID-1tja-ztb9-myhy","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource 
consumption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1431","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55783","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55895","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55917","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55896","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55947","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55949","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55958","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55938","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5592","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55957","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5596","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55934","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5586","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55879","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55854","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1431"},{"reference_url"
:"https://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1431"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tja-ztb9-myhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256709?format=json","vulnerability_id":"VCID-1tp6-v3h3-sfc1","summary":"A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access 
tokens.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39866","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49376","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49439","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49494","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49447","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49514","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49486","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49535","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49533","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49504","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49458","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39866"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fix
ed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39866"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tp6-v3h3-sfc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256757?format=json","vulnerability_id":"VCID-1z31-8t4f-hbes","summary":"In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. 
There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39899","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21745","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22017","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22175","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22223","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22006","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22142","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.2216","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22119","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22059","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22058","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22051","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22004","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21863","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","
scoring_elements":"0.21851","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21837","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39899"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39899"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1z31-8t4f-hbes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240498?format=json","vulnerability_id":"VCID-21su-ba8v-huay","summary":"An issue has been discovered in GitLab CE/EE affecting all previous versions. 
If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22202","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35812","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3623","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3642","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36453","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36336","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36357","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36364","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36327","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36306","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36348","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36332","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36277","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36045","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36015","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35928","published_at":"2026-04-29T12:55:00Z"
}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22202"},{"reference_url":"https://security.archlinux.org/AVG-1770","reference_id":"AVG-1770","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22202"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21su-ba8v-huay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265323?format=json","vulnerability_id":"VCID-221v-5q8x-5ygz","summary":"Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI 
jobs","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1417","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51415","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51419","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5147","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51497","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51457","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51511","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51509","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51552","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51531","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51519","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51563","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51571","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5155","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51503","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5151","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1417"},{"reference_url":"https://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","sco
ring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1417"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-221v-5q8x-5ygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240503?format=json","vulnerability_id":"VCID-24mf-t2wp-t7cb","summary":"An issue has been discovered in GitLab affecting all versions starting from 11.6. 
Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22206","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29816","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.3036","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30389","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30435","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30246","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30306","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.3034","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30344","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.303","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30252","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30267","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30249","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30204","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.3014","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30025","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29949","published_at":"
2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22206"},{"reference_url":"https://security.archlinux.org/ASA-202105-4","reference_id":"ASA-202105-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-4"},{"reference_url":"https://security.archlinux.org/AVG-1888","reference_id":"AVG-1888","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1888"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22206"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24mf-t2wp-t7cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240489?format=json","vulnerability_id":"VCID-2978-z7hp-tked","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. 
It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22196","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40616","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4095","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41031","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41063","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40989","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41038","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41045","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41064","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41029","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41012","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41054","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41025","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40949","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40856","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40843","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40759","published_at"
:"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22196"},{"reference_url":"https://security.archlinux.org/AVG-1770","reference_id":"AVG-1770","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22196"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2978-z7hp-tked"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265346?format=json","vulnerability_id":"VCID-2gxb-vk9m-c3hd","summary":"An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. 
GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1460","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49328","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49396","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49424","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49451","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49404","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49454","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49472","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49445","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49491","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49489","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49448","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49414","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2
022-1460"},{"reference_url":"https://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1460"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gxb-vk9m-c3hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264550?format=json","vulnerability_id":"VCID-2m6v-spsr-vqd9","summary":"Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account 
takeover","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0427","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30863","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.31037","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30855","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30913","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30943","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30947","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30904","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30859","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30891","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30837","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30673","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30557","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30473","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30332","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0427"}],"fixed_packages":
[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0427"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2m6v-spsr-vqd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256749?format=json","vulnerability_id":"VCID-2smt-c8fa-5qhf","summary":"A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without 
authorisation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39893","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60317","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60218","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60294","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60319","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60337","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60353","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60374","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6036","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60342","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60383","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60391","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6038","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60357","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60371","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60359","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39893"},{"reference
_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39893"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2smt-c8fa-5qhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240492?format=json","vulnerability_id":"VCID-2tqx-h18v-kbcg","summary":"An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public 
projects.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22198","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53256","published_at":"2026-05-05T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53244","published_at":"2026-04-01T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53268","published_at":"2026-04-02T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53294","published_at":"2026-04-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53262","published_at":"2026-04-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53314","published_at":"2026-04-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53309","published_at":"2026-04-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5336","published_at":"2026-04-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53344","published_at":"2026-04-12T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53327","published_at":"2026-04-13T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53365","published_at":"2026-04-16T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5337","published_at":"2026-04-18T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53351","published_at":"2026-04-21T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53323","published_at":"2026-04-24T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53335","published_at":"2026-04-26T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53298","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22198"},{"reference_url":"https://security.archlinux.org
/AVG-1770","reference_id":"AVG-1770","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22198"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2tqx-h18v-kbcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256764?format=json","vulnerability_id":"VCID-2uqd-mtms-fqaw","summary":"In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in 
settings.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39903","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48664","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48729","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48768","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48794","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48748","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48803","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.488","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48817","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48791","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48798","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48847","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48843","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48799","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.4875","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39903"},{"reference_url":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"Hig
h","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39903"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2uqd-mtms-fqaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265166?format=json","vulnerability_id":"VCID-2x5t-aj8x-guhs","summary":"A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, 
etc.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1174","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.632","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6326","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63254","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63305","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63323","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6334","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63324","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63288","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63325","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63332","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63312","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63331","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63344","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63342","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63313","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1174"}],"fixed_packages":[{"url"
:"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1174"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2x5t-aj8x-guhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265129?format=json","vulnerability_id":"VCID-2znk-pbmh-aufj","summary":"A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. 
The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1100","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37666","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37848","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37873","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37751","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37802","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37814","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37829","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37793","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37768","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37816","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37797","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37736","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37498","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00166","sc
oring_system":"epss","scoring_elements":"0.37268","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1100"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1100"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2znk-pbmh-aufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240497?format=json","vulnerability_id":"VCID-396g-fjpn-qucv","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. 
A specially crafted import file could read files on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22201","reference_id":"","reference_type":"","scores":[{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92636","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92579","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92584","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92603","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92608","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92627","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92626","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92629","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92632","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0899","scoring_system":"epss","scoring_elements":"0.92631","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22201"},{"reference_url":"https://security.archlinux.org/AVG-1770","reference_id":"AVG-1770","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packa
ges/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22201"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-396g-fjpn-qucv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240493?format=json","vulnerability_id":"VCID-3buj-yj37-mkbs","summary":"An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22199","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37768","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38161","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38298","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38321","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3819","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3824","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38248","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38267","published_at":"2026-04-1
1T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38231","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38207","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38254","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38234","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38166","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38002","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37979","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37883","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22199"},{"reference_url":"https://security.archlinux.org/AVG-1770","reference_id":"AVG-1770","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22199"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3buj-yj37-mkbs"},{"url":"http://pu
blic2.vulnerablecode.io/api/vulnerabilities/279101?format=json","vulnerability_id":"VCID-3ejs-8115-83df","summary":"An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3280","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37296","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37819","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37759","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37522","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.375","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37411","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37871","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37774","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37825","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37853","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37817","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.3779
1","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3280"},{"reference_url":"https://hackerone.com/reports/1475686","reference_id":"1475686","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:07Z/"}],"url":"https://hackerone.com/reports/1475686"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/352611","reference_id":"352611","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:07Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/352611"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3280.json","reference_id":"CVE-2022-3280.json","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:07Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3280.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases"
:["CVE-2022-3280"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ejs-8115-83df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240520?format=json","vulnerability_id":"VCID-3gk7-f7rw-s3bt","summary":"An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22220","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35418","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35618","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35643","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35525","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35538","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35577","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35567","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35516","published_at":"202
6-04-21T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35278","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35257","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35179","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22220"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22220"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gk7-f7rw-s3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240459?format=json","vulnerability_id":"VCID-3gr5-39vn-rkdp","summary":"Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell 
command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22177","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37409","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37526","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37539","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37553","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37518","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37491","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37538","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3752","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37455","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37236","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37215","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37123","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37004","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22177"}],"fixed_packages
":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22177"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gr5-39vn-rkdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292127?format=json","vulnerability_id":"VCID-3hda-k2mb-hkad","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. 
A DollarMathPostFilter Regular Expression Denial of Service was possible by sending crafted payloads to the preview_markdown endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2132","reference_id":"","reference_type":"","scores":[{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80767","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80706","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80709","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80732","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80736","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.8075","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80622","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80644","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80639","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80667","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80676","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80679","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80671","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2132"},{"reference_url":"https://hackerone.com/reports/1934711","reference_id":"1934711","reference_type":"","scores":
[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:33:44Z/"}],"url":"https://hackerone.com/reports/1934711"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/407586","reference_id":"407586","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:33:44Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/407586"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2132.json","reference_id":"CVE-2023-2132.json","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:33:44Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2132.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2132"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hda-k2mb-hkad"},{"url":"http://public2.vulnerablecode.io/api/
vulnerabilities/240577?format=json","vulnerability_id":"VCID-3kdp-3q1x-buh8","summary":"A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22260","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36865","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37035","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37068","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36896","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36947","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36959","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36933","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36908","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36953","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36936","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36877","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3665","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0016","scoring_system"
:"epss","scoring_elements":"0.36618","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3653","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36416","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22260"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22260"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kdp-3q1x-buh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240557?format=json","vulnerability_id":"VCID-3ks6-33qp-nybx","summary":"A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. 
GitLab Webhook feature could be abused to perform denial of service attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22246","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44952","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45033","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45056","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44999","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4505","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45051","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45074","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45042","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45044","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45093","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45038","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4495","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44959","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44902","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44796","published_at":"2026-05-05T12:55:00Z"}],"url":"https
://api.first.org/data/v1/epss?cve=CVE-2021-22246"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22246"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ks6-33qp-nybx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279119?format=json","vulnerability_id":"VCID-3sz1-hdfk-rkgd","summary":"It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 
15.4.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3330","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3047","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37246","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37158","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36933","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36901","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36814","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37342","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3717","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37222","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37236","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37317","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37212","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37186","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37232","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37215","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3330"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/365827","reference_id":"365827","reference_type":"","scores":[{"valu
e":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:17:40Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/365827"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3330.json","reference_id":"CVE-2022-3330.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T20:17:40Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3330.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3330"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sz1-hdfk-rkgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266411?format=json","vulnerability_id":"VCID-3szm-mdpf-6ua7","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. 
GitLab was returning contributor emails due to improper data handling in the Datadog integration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2534","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43765","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44056","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44079","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4401","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44062","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44064","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44047","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44031","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44092","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44083","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44017","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43968","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43972","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43887","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2534"},{"reference_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2785","reference_type":"","scores":[{"value":"Medium","scoring_system":"
archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2534"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3szm-mdpf-6ua7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265644?format=json","vulnerability_id":"VCID-3wq9-j84d-kucf","summary":"Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were 
configured","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1935","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34355","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34673","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34699","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34568","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34641","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34643","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34604","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34581","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34619","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34566","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34209","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34189","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34104","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.33982","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1935"}],"fixed_package
s":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1935"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3wq9-j84d-kucf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273263?format=json","vulnerability_id":"VCID-3zax-7j7d-f7d1","summary":"Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other 
user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2251","reference_id":"","reference_type":"","scores":[{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84501","published_at":"2026-05-05T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84442","published_at":"2026-04-18T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84478","published_at":"2026-04-26T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84482","published_at":"2026-04-29T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84382","published_at":"2026-04-04T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84384","published_at":"2026-04-07T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84406","published_at":"2026-04-08T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84411","published_at":"2026-04-09T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84429","published_at":"2026-04-11T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.022","scoring_system":"epss","scoring_elements":"0.84419","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2251"},{"reference_url":"https://hackerone.com/reports/1063511","reference_id":"1063511","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scorin
g_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-08T18:20:33Z/"}],"url":"https://hackerone.com/reports/1063511"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386","reference_id":"27386","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-08T18:20:33Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json","reference_id":"CVE-2022-2251.json","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-08T18:20:33Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2251"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zax-7j7d-f7d1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256754?format=json","vulnerability_id":"VCID-4pa9-gyq6-u7ht","summary":"In all versions of GitLab CE/EE since version 8.0, when an 
admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39896","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41254","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4155","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41638","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41666","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41593","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41643","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41652","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41675","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41628","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41676","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41649","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41574","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41467","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41464","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41386","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/d
ata/v1/epss?cve=CVE-2021-39896"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39896"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4pa9-gyq6-u7ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279223?format=json","vulnerability_id":"VCID-4vc7-t55g-n7c4","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. 
A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3483","reference_id":"","reference_type":"","scores":[{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55863","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56019","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55993","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55919","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5594","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55915","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55954","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55975","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55953","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56004","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56018","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55998","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5598","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56016","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/d
ata/v1/epss?cve=CVE-2022-3483"},{"reference_url":"https://hackerone.com/reports/1724402","reference_id":"1724402","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:28:33Z/"}],"url":"https://hackerone.com/reports/1724402"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377799","reference_id":"377799","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:28:33Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377799"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3483.json","reference_id":"CVE-2022-3483.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:28:33Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3483.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3483"],"risk_score":null,"exploitability":null,"weighted_seve
rity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vc7-t55g-n7c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285048?format=json","vulnerability_id":"VCID-4xj4-ekjd-6yc4","summary":"An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code; victims who clone or download these repositories will execute arbitrary code on their systems.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0756","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44675","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44718","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44711","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44559","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44479","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44685","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44622","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44673","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0022","scoring_sy
stem":"epss","scoring_elements":"0.44664","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44662","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0756"},{"reference_url":"https://hackerone.com/reports/1864278","reference_id":"1864278","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:08:01Z/"}],"url":"https://hackerone.com/reports/1864278"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/390910","reference_id":"390910","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:08:01Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/390910"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0756.json","reference_id":"CVE-2023-0756.json","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:08:01Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0756.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablec
ode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0756"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xj4-ekjd-6yc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265333?format=json","vulnerability_id":"VCID-4xun-1v5s-uqbt","summary":"An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1433","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45111","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45264","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45346","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45309","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45364","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45356","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0
.45357","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45409","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45404","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45354","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45265","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45271","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45212","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1433"},{"reference_url":"https://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1433"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xun-1v5s-uqbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256756?format=json","vulnerability_id":"VCID-54ws-nrwe-wucv","summary":"In all versions of GitLab CE/EE since version 10.6, a project export 
leaks the external webhook token value which may allow access to the project which it was exported from.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39898","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53311","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53302","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53325","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53351","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53321","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53373","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53367","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53419","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53403","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53387","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53424","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.5343","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.5341","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53382","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53394","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53357","published_at":"2026-04-
29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39898"},{"reference_url":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39898"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54ws-nrwe-wucv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256746?format=json","vulnerability_id":"VCID-55t2-2xm4-eqdt","summary":"In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info 
disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39891","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29471","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30008","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30093","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29906","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29968","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30003","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29962","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29931","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.2991","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29864","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29786","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29673","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29613","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39891"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":
"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39891"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-55t2-2xm4-eqdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240524?format=json","vulnerability_id":"VCID-55tn-dhah-8fak","summary":"A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the 
victim","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22224","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.58961","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59036","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59058","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59023","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.5908","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59099","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59062","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59097","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59101","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59061","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59078","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59065","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22224"},{"reference_url":"https://security.archlinux.org/ASA-202107-18","reference_id":"ASA-202107-18","reference_type":"","scores":[],"u
rl":"https://security.archlinux.org/ASA-202107-18"},{"reference_url":"https://security.archlinux.org/AVG-2125","reference_id":"AVG-2125","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22224"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-55tn-dhah-8fak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273249?format=json","vulnerability_id":"VCID-55xy-kgmw-wkhz","summary":"An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member 
of.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2229","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44193","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44216","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44148","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44199","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44203","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44219","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44186","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44247","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44237","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44166","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.4409","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44093","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44008","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.43885","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2229"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerab
lecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2229"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-55xy-kgmw-wkhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264307?format=json","vulnerability_id":"VCID-58qy-wsd7-c7gc","summary":"An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user 
account.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0154","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33023","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33154","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33187","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33017","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33061","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33092","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33094","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33056","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33032","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33074","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33051","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33012","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32866","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32848","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32771","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32658","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0154"}],"fixed_packages"
:[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0154"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58qy-wsd7-c7gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292380?format=json","vulnerability_id":"VCID-58sz-3zn5-qbh4","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. 
A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2485","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37272","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37819","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37799","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37739","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37501","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37479","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37388","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37875","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37754","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37805","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37817","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37832","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37796","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41584","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/d
ata/v1/epss?cve=CVE-2023-2485"},{"reference_url":"https://hackerone.com/reports/1934811","reference_id":"1934811","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T15:44:06Z/"}],"url":"https://hackerone.com/reports/1934811"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/407830","reference_id":"407830","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T15:44:06Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/407830"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2485.json","reference_id":"CVE-2023-2485.json","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T15:44:06Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2485.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2485"],"risk_score":null,"exploitability":null,"weighted_seve
rity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58sz-3zn5-qbh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240583?format=json","vulnerability_id":"VCID-5dp5-a23a-yuex","summary":"An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after the invited group, which the member was part of, is deleted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22264","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34512","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3454","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34408","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3445","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34481","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34442","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34418","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34453","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_eleme
nts":"0.344","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34028","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34009","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33923","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33801","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22264"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22264"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dp5-a23a-yuex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283865?format=json","vulnerability_id":"VCID-5sn3-16ru-d7g8","summary":"A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab 
Runner.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4201","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27843","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28194","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28082","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28004","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28498","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28541","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28337","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28445","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28448","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28405","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28347","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28358","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28336","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2829","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4201"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/30376","reference_id":"30376","reference_type":"","scores":[{"valu
e":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:20:53Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/30376"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4201.json","reference_id":"CVE-2022-4201.json","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:20:53Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4201.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4201"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5sn3-16ru-d7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256803?format=json","vulnerability_id":"VCID-5t99-3qbr-sfdj","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. 
A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39933","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40339","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4068","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40764","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40715","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40765","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40772","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40757","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40738","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40783","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40753","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40675","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4058","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40567","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40484","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2
021-39933"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39933"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5t99-3qbr-sfdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240470?format=json","vulnerability_id":"VCID-5w9b-xtnz-dygc","summary":"An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly 
redacted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22184","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2169","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2191","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21754","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21811","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21822","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21782","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21725","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21732","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21698","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21551","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21545","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21535","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21439","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22184"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.1
0.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22184"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5w9b-xtnz-dygc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265321?format=json","vulnerability_id":"VCID-62y5-e7f4-7kbz","summary":"Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web 
interface","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1413","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43048","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43275","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43332","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4336","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43299","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43351","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43365","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43386","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43355","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43339","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43399","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43388","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43323","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43257","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43259","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43181","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1413"},{"reference_url":
"https://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1413"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-62y5-e7f4-7kbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256727?format=json","vulnerability_id":"VCID-63cc-p6xr-qqcc","summary":"A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary JavaScript 
code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39878","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39748","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40091","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40241","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40266","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40188","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40251","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40263","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40225","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40205","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40253","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40223","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40146","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39972","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39957","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39877","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39878"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High
","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39878"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63cc-p6xr-qqcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240525?format=json","vulnerability_id":"VCID-64wb-wrxa-afb2","summary":"Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted 
markdown","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22225","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3287","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33232","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33398","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33314","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33273","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33249","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33288","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33265","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33229","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33081","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33064","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32988","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22225"},{"reference_url":"https://security.archlinux.org/ASA-202107-18","reference_id":"ASA-202107-18","reference_type":"","scores":[],"
url":"https://security.archlinux.org/ASA-202107-18"},{"reference_url":"https://security.archlinux.org/AVG-2125","reference_id":"AVG-2125","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22225"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64wb-wrxa-afb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284879?format=json","vulnerability_id":"VCID-67en-ypnv-skgz","summary":"An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. 
An XSS was possible via a malicious email address for certain instances.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0523","reference_id":"","reference_type":"","scores":[{"value":"0.18491","scoring_system":"epss","scoring_elements":"0.95273","published_at":"2026-05-05T12:55:00Z"},{"value":"0.18491","scoring_system":"epss","scoring_elements":"0.9523","published_at":"2026-04-08T12:55:00Z"},{"value":"0.18491","scoring_system":"epss","scoring_elements":"0.95234","published_at":"2026-04-09T12:55:00Z"},{"value":"0.18491","scoring_system":"epss","scoring_elements":"0.9524","published_at":"2026-04-12T12:55:00Z"},{"value":"0.18491","scoring_system":"epss","scoring_elements":"0.95243","published_at":"2026-04-13T12:55:00Z"},{"value":"0.18491","scoring_system":"epss","scoring_elements":"0.95251","published_at":"2026-04-16T12:55:00Z"},{"value":"0.18491","scoring_system":"epss","scoring_elements":"0.95254","published_at":"2026-04-18T12:55:00Z"},{"value":"0.18491","scoring_system":"epss","scoring_elements":"0.95257","published_at":"2026-04-24T12:55:00Z"},{"value":"0.18491","scoring_system":"epss","scoring_elements":"0.95259","published_at":"2026-04-29T12:55:00Z"},{"value":"0.18491","scoring_system":"epss","scoring_elements":"0.95223","published_at":"2026-04-07T12:55:00Z"},{"value":"0.19609","scoring_system":"epss","scoring_elements":"0.95395","published_at":"2026-04-04T12:55:00Z"},{"value":"0.19609","scoring_system":"epss","scoring_elements":"0.95388","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0523"},{"reference_url":"https://hackerone.com/reports/1842867","reference_id":"1842867","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:09:27Z/"}],"url":"https://hackerone.com/reports/1842867"},{"referen
ce_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/389487","reference_id":"389487","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:09:27Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/389487"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0523.json","reference_id":"CVE-2023-0523.json","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:09:27Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0523.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0523"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67en-ypnv-skgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265153?format=json","vulnerability_id":"VCID-67ve-bq9s-vqes","summary":"Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to 
be logged","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1157","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43869","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43913","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43936","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43866","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43916","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43918","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43937","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43904","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.4395","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43941","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43873","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43825","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43828","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43748","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43621","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1157"}],"fixed_packages"
:[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1157"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67ve-bq9s-vqes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264404?format=json","vulnerability_id":"VCID-6d62-e1zf-wfcx","summary":"A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not 
blocked.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0249","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.461","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.4614","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.4616","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46164","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46161","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46165","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46222","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46218","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46162","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46143","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46151","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46092","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.45995","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0249"}],"fixed_packages":[{"
url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0249"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6d62-e1zf-wfcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264514?format=json","vulnerability_id":"VCID-6mxv-vb6s-uuga","summary":"Improper access control in GitLab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability 
dashboard.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0390","reference_id":"","reference_type":"","scores":[{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.4962","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.4965","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49677","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49684","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49667","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49669","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49717","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49715","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49686","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49676","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49643","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49559","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0390"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10
.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0390"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mxv-vb6s-uuga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256812?format=json","vulnerability_id":"VCID-6ns1-mx95-5ffe","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is 
sent.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39940","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40339","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4068","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40764","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40715","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40765","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40772","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40757","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40738","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40783","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40753","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40675","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4058","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40567","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40484","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39940"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url
":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39940"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ns1-mx95-5ffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240509?format=json","vulnerability_id":"VCID-6tyy-j5zg-zkgw","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. 
GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22211","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37007","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37411","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37577","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37601","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37529","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37542","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37556","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37521","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37523","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37218","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37126","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22211"},{"referen
ce_url":"https://security.archlinux.org/ASA-202105-4","reference_id":"ASA-202105-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-4"},{"reference_url":"https://security.archlinux.org/AVG-1888","reference_id":"AVG-1888","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1888"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22211"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6tyy-j5zg-zkgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256771?format=json","vulnerability_id":"VCID-6uvg-uqe6-tud1","summary":"A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. 
The stripping of EXIF data from certain images resulted in high CPU usage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39907","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4797","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48044","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48082","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48103","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48053","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48106","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48101","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48124","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48099","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48163","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48158","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48113","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48094","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48105","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4805","published_at":"2026-04-29T12:55:00Z"}],"url":"https:/
/api.first.org/data/v1/epss?cve=CVE-2021-39907"},{"reference_url":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39907"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6uvg-uqe6-tud1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256714?format=json","vulnerability_id":"VCID-6y4r-d3eu-hqcp","summary":"In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that 
project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39869","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47916","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47985","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48023","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48044","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47994","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48047","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4804","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48065","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48041","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48053","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48105","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.481","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48056","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48037","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48049","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47997","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39869"},{"reference_url":"
https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39869"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6y4r-d3eu-hqcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240506?format=json","vulnerability_id":"VCID-6yhw-9sqw-zuge","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. 
GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22209","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40015","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40353","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4044","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40466","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40389","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40441","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40452","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40473","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40435","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40416","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40464","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40432","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40357","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40248","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40235","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40154","published_at":"2026-
04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22209"},{"reference_url":"https://security.archlinux.org/ASA-202105-4","reference_id":"ASA-202105-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-4"},{"reference_url":"https://security.archlinux.org/AVG-1888","reference_id":"AVG-1888","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1888"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22209"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6yhw-9sqw-zuge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256804?format=json","vulnerability_id":"VCID-71j9-ra1c-6uhm","summary":"Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 
14.5.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39934","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47969","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48044","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48102","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48052","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48105","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.481","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48123","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48099","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4811","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48163","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48158","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48112","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48093","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48049","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39934"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"ur
l":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39934"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71j9-ra1c-6uhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273258?format=json","vulnerability_id":"VCID-748c-dwt8-quhs","summary":"An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry 
projects.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2243","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40114","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.4014","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40061","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40113","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40127","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40136","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40099","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.4008","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.4013","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40101","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40023","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39851","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39835","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39753","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39626","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2243"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8
%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2243"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-748c-dwt8-quhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279369?format=json","vulnerability_id":"VCID-74tz-v2r7-4kfr","summary":"Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3767","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43764","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43967","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4397","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43885","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44078","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44009","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4406","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215
","scoring_system":"epss","scoring_elements":"0.44062","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44045","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44029","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44091","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44082","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44016","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3767"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377473","reference_id":"377473","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:27:43Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377473"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json","reference_id":"CVE-2022-3767.json","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:27:43Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl
":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3767"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74tz-v2r7-4kfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240573?format=json","vulnerability_id":"VCID-778s-qxnk-uuda","summary":"Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22256","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4532","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45342","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45285","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4534","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45362","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4533","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45332","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45379","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45329","published_at
":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45246","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45187","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45083","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22256"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22256"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-778s-qxnk-uuda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240446?format=json","vulnerability_id":"VCID-7fnb-yfbq-bfeh","summary":"A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 
12.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22168","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37889","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3828","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38418","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38442","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38306","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38356","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38364","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38381","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38343","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38318","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38366","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38346","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38281","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38122","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38098","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38005","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22168"},{"reference_url":"h
ttps://security.archlinux.org/ASA-202101-10","reference_id":"ASA-202101-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-10"},{"reference_url":"https://security.archlinux.org/AVG-1416","reference_id":"AVG-1416","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1416"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22168"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fnb-yfbq-bfeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273401?format=json","vulnerability_id":"VCID-7h1s-s2pa-zbc6","summary":"A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious 
project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2455","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40436","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49032","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.4903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49036","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49081","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49047","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49041","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.48997","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50429","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50382","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50435","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.504","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2455"},{"reference_url":"https://hackerone.com/reports/1542230","reference_id":"1542230","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scor
ing_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:41:15Z/"}],"url":"https://hackerone.com/reports/1542230"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/359964","reference_id":"359964","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:41:15Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/359964"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2455.json","reference_id":"CVE-2022-2455.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:41:15Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2455.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2455"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7h1s-s2pa-zbc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256731?format=json","vulnerability_id":"VCID-7m1c-tbzh-fueb","summary":"In all versions of GitLab CE/EE since 
version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39881","reference_id":"","reference_type":"","scores":[{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48442","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48511","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48521","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48575","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48571","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48593","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48566","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48578","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48629","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48624","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48582","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48526","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/e
pss?cve=CVE-2021-39881"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39881"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7m1c-tbzh-fueb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279244?format=json","vulnerability_id":"VCID-7ndg-d3fs-67a3","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. 
An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3514","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56483","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56622","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56594","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56548","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.5653","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56595","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56629","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56638","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56613","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56592","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56623","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3514"},{"reference_url":"ht
tps://hackerone.com/reports/1727201","reference_id":"1727201","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:55:35Z/"}],"url":"https://hackerone.com/reports/1727201"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377978","reference_id":"377978","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:55:35Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377978"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3514.json","reference_id":"CVE-2022-3514.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:55:35Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3514.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3514"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerable
code.io/vulnerabilities/VCID-7ndg-d3fs-67a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284003?format=json","vulnerability_id":"VCID-7rsn-cjes-gbe3","summary":"An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4376","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32854","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32723","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32763","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32739","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32442","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3236","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32889","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3271","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32758","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32785","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring
_elements":"0.32787","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.40986","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4376"},{"reference_url":"https://hackerone.com/reports/1794713","reference_id":"1794713","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:38:12Z/"}],"url":"https://hackerone.com/reports/1794713"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385246","reference_id":"385246","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:38:12Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385246"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4376.json","reference_id":"CVE-2022-4376.json","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:38:12Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4376.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulner
abilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4376"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7rsn-cjes-gbe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273653?format=json","vulnerability_id":"VCID-8129-3vg2-a7ba","summary":"An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2826","reference_id":"","reference_type":"","scores":[{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66175","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66171","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66232","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66252","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.6624","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66209","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66245","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66259","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66243","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66202","published_at":"2026-04-04T12:55:00Z"},{"value":"0.005
33","scoring_system":"epss","scoring_elements":"0.67394","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67419","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67408","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2826"},{"reference_url":"https://hackerone.com/reports/1646633","reference_id":"1646633","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:23:50Z/"}],"url":"https://hackerone.com/reports/1646633"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/370790","reference_id":"370790","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:23:50Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/370790"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2826.json","reference_id":"CVE-2022-2826.json","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:23:50Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2826.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://publi
c2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2826"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8129-3vg2-a7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256711?format=json","vulnerability_id":"VCID-81kf-hxfb-n3fb","summary":"In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39867","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34287","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3464","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34883","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34804","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34833","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34839","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.348","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34776","published_at":"2026-04-13T12:
55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34811","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34795","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34755","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34517","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34497","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34411","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39867"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39867"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81kf-hxfb-n3fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279097?format=json","vulnerability_id":"VCID-84ef-nwwp-dbee","summary":"A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 
15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3265","reference_id":"","reference_type":"","scores":[{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.9514","published_at":"2026-05-05T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95121","published_at":"2026-04-16T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95124","published_at":"2026-04-18T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95127","published_at":"2026-04-26T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95126","published_at":"2026-04-24T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95128","published_at":"2026-04-29T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.9509","published_at":"2026-04-02T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95091","published_at":"2026-04-04T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95093","published_at":"2026-04-07T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.951","published_at":"2026-04-08T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95103","published_at":"2026-04-09T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95111","published_at":"2026-04-12T12:55:00Z"},{"value":"0.17702","scoring_system":"epss","scoring_elements":"0.95114","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3265"},{"
reference_url":"https://hackerone.com/reports/1693150","reference_id":"1693150","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:51Z/"}],"url":"https://hackerone.com/reports/1693150"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/374976","reference_id":"374976","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:51Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/374976"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3265.json","reference_id":"CVE-2022-3265.json","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:25:51Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3265.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3265"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://
public2.vulnerablecode.io/vulnerabilities/VCID-84ef-nwwp-dbee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256724?format=json","vulnerability_id":"VCID-88wg-nv8x-67b9","summary":"In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39876","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46521","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4656","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46579","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46527","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46582","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46586","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46642","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4664","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46587","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46569","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4658","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46531","published_at":"2026
-04-29T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46435","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39876"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88wg-nv8x-67b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240516?format=json","vulnerability_id":"VCID-8ahg-hgub-43b5","summary":"A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge 
request","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22217","reference_id":"","reference_type":"","scores":[{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71643","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71532","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71539","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71557","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.7153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.7157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71581","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71603","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71588","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71569","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71614","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71619","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71599","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71649","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71653","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71658","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22217"},{"reference_url":"https://security
.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22217"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ahg-hgub-43b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273676?format=json","vulnerability_id":"VCID-8bfc-6wzz-f3cw","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. 
A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2882","reference_id":"","reference_type":"","scores":[{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77534","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77562","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77555","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77541","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79553","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79575","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79558","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.7955","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.7958","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79578","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79583","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79531","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79517","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79545","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79508","published_at":"2026-04-02T12:55:00Z"}],"url":"https://a
pi.first.org/data/v1/epss?cve=CVE-2022-2882"},{"reference_url":"https://hackerone.com/reports/1656722","reference_id":"1656722","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:08:33Z/"}],"url":"https://hackerone.com/reports/1656722"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/371082","reference_id":"371082","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:08:33Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/371082"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json","reference_id":"CVE-2022-2882.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:08:33Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2882"],"risk_score":null,"exploitability":null,
"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bfc-6wzz-f3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285757?format=json","vulnerability_id":"VCID-8cdk-uue7-jyfa","summary":"An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1787","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53623","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53595","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66463","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66464","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66449","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66472","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66487","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66371","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.6642","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66434","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66453","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66441","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_eleme
nts":"0.66411","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66447","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1787"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/394817","reference_id":"394817","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:42:14Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/394817"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1787.json","reference_id":"CVE-2023-1787.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:42:14Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1787.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1787"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8cdk-uue7-jyfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256795?format=json","vulnerability_i
d":"VCID-8hjj-ta47-mqe6","summary":"Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39927","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34474","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34693","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3472","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3464","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34669","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34672","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34647","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34633","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34594","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34357","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34338","published_at":"2026
-04-26T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34253","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34121","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39927"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39927"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hjj-ta47-mqe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273482?format=json","vulnerability_id":"VCID-8jau-mjwe-83dz","summary":"A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of 
Service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2592","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60093","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60076","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60107","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60092","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60113","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.6012","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60038","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60081","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61341","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.6131","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61279","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61282","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61362","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2592"},{"reference_url":"https://hackerone.com/reports/1544507","reference_id":"1544507","reference_type":"","scores":[{"value":"6.5","scoring_system":"
cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:16:23Z/"}],"url":"https://hackerone.com/reports/1544507"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/362566","reference_id":"362566","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:16:23Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/362566"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json","reference_id":"CVE-2022-2592.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:16:23Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2592"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jau-mjwe-83dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279108?format=json
","vulnerability_id":"VCID-8kts-dur1-jfc6","summary":"A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3288","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29625","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36309","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36298","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36282","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3623","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35997","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35965","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35877","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36403","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36237","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36287","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3637","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36315","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36278","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00155","scoring_sy
stem":"epss","scoring_elements":"0.36254","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3288"},{"reference_url":"https://hackerone.com/reports/1498354","reference_id":"1498354","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:43:30Z/"}],"url":"https://hackerone.com/reports/1498354"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/354948","reference_id":"354948","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:43:30Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/354948"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3288.json","reference_id":"CVE-2022-3288.json","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:43:30Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3288.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/git
lab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3288"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8kts-dur1-jfc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265177?format=json","vulnerability_id":"VCID-8scy-batx-u3gc","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1188","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55388","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55499","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55501","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55552","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55553","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55562","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55542","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55561","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55565","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55543","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00325","scori
ng_system":"epss","scoring_elements":"0.55468","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55487","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55412","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1188"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1188"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8scy-batx-u3gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264595?format=json","vulnerability_id":"VCID-91q4-53ex-4qfc","summary":"An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. 
GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0477","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40515","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40597","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40624","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40546","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40596","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40606","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40587","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40568","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40614","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40583","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40505","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40403","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.4039","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40309","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40169","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.or
g/data/v1/epss?cve=CVE-2022-0477"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0477"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91q4-53ex-4qfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266417?format=json","vulnerability_id":"VCID-92x8-rmhg-zuh6","summary":"An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. 
It may be possible to gain access to a private project through an email invite by using other user's email address as an unverified secondary email.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2326","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47662","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47777","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47796","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47745","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.478","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4782","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47806","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4786","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47853","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47788","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47798","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2326"},{"reference_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=jso
n","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2326"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92x8-rmhg-zuh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/278980?format=json","vulnerability_id":"VCID-94b4-ux8y-13c7","summary":"An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook 
logs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3018","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45154","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4531","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45316","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45256","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45388","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45408","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45351","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45429","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45398","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.454","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45451","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45447","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45397","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3018"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/360938","reference_id":"360938","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":
"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:36:05Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/360938"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3018.json","reference_id":"CVE-2022-3018.json","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:36:05Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3018.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3018"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94b4-ux8y-13c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256809?format=json","vulnerability_id":"VCID-989x-8yn6-eqc8","summary":"A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare 
circumstances","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39937","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35152","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35511","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35713","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35738","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35619","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35665","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35688","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35698","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35653","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35661","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35609","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35371","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35351","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3527","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39937"},{"reference_
url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39937"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-989x-8yn6-eqc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256807?format=json","vulnerability_id":"VCID-99uy-2jrp-u7cx","summary":"Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled 
wiki.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39936","reference_id":"","reference_type":"","scores":[{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56812","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56802","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56896","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56918","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56894","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56946","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56949","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56957","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56937","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56914","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56943","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.5694","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56917","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56857","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56874","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56858","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39936"},{"reference_url":"h
ttps://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39936"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-99uy-2jrp-u7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266414?format=json","vulnerability_id":"VCID-9cvy-mzhc-ukhu","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. 
A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2497","reference_id":"","reference_type":"","scores":[{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81723","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81577","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81623","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81629","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81649","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81667","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81666","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.8167","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81693","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81702","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81706","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2497"},{"reference_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2785",
"reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2497"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cvy-mzhc-ukhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256716?format=json","vulnerability_id":"VCID-9f4x-xbya-sqgu","summary":"In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API 
call.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39870","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3085","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31384","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31521","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31563","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31381","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31434","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31465","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31468","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31425","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31422","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31402","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31373","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31204","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3108","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31002","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39870"},{"reference_url":"ht
tps://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39870"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9f4x-xbya-sqgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265645?format=json","vulnerability_id":"VCID-9j1e-jgs8-pqcy","summary":"Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were 
configured","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1936","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37891","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38052","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38076","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37958","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38019","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38036","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.3802","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37938","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37725","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37703","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37608","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37493","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1936"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8
%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1936"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9j1e-jgs8-pqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256818?format=json","vulnerability_id":"VCID-9mm8-knzf-a3gb","summary":"Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access 
revoked","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39945","reference_id":"","reference_type":"","scores":[{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47547","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47628","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47687","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47636","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47691","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47711","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47688","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47753","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47746","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47698","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47679","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47633","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39945"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603
","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39945"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mm8-knzf-a3gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265650?format=json","vulnerability_id":"VCID-9nwv-15ru-q7an","summary":"When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running 
jobs","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1944","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37061","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37254","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37085","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37137","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.3715","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37161","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37126","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37099","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37146","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37128","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37072","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36847","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36815","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36728","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36611","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1944"}],"fixed_packages":[{"u
rl":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1944"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nwv-15ru-q7an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240485?format=json","vulnerability_id":"VCID-9r8y-4a6r-77hu","summary":"In all versions of GitLab, marshalled session keys were being stored in Redis.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22194","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10361","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1048","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10548","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10413","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10486","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10554","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10583","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10551","published_at":"2026-04-12T12:55:00Z"},{
"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10528","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10394","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1038","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10508","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10493","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10492","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10435","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10383","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22194"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22194"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9r8y-4a6r-77hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256739?format=json","vulnerability_id":"VCID-9tyu-gmse-f3cj","summary":"A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an 
attacker to execute arbitrary JavaScript code on the victim's behalf.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39887","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.41964","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42251","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42326","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42354","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42344","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42351","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42374","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42309","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42359","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42335","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42262","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42194","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.4219","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42107","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api
.first.org/data/v1/epss?cve=CVE-2021-39887"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39887"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tyu-gmse-f3cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256782?format=json","vulnerability_id":"VCID-9wuq-32s1-nydy","summary":"Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary 
projects","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39915","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50277","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50338","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50393","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50423","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50375","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50429","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50422","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50463","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5044","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50425","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50468","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50449","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50394","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50404","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50355","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39915"},{"reference_url"
:"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39915"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wuq-32s1-nydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279219?format=json","vulnerability_id":"VCID-9xax-zz2y-v7gf","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. 
It was possible to trigger a DoS attack by uploading a malicious nuget package.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3478","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41394","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41764","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4169","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41616","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41613","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41535","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41753","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41782","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41709","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41759","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41768","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41758","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41744","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4179","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3478"},{"reference_url":"https://hackerone.com/reports/1716296","r
eference_id":"1716296","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:38Z/"}],"url":"https://hackerone.com/reports/1716296"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377788","reference_id":"377788","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:38Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377788"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3478.json","reference_id":"CVE-2022-3478.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:38Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3478.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3478"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xax-zz2y-
v7gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273691?format=json","vulnerability_id":"VCID-a1fg-8rfu-zfhg","summary":"A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2904","reference_id":"","reference_type":"","scores":[{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.8965","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89627","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89622","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89637","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.8964","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89641","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89576","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89589","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.8959","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89606","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89612","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89619","published_at":"2
026-04-11T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89618","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89625","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2904"},{"reference_url":"https://hackerone.com/reports/1628009","reference_id":"1628009","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:46:43Z/"}],"url":"https://hackerone.com/reports/1628009"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/367408","reference_id":"367408","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:46:43Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/367408"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2904.json","reference_id":"CVE-2022-2904.json","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:46:43Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2904.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debi
an/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2904"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1fg-8rfu-zfhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283831?format=json","vulnerability_id":"VCID-a2bg-sm27-2kac","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4131","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49051","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49212","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.4921","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49179","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49178","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49135","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49136","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49165","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49117","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_syste
m":"epss","scoring_elements":"0.49172","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49169","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49186","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.4916","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4131"},{"reference_url":"https://hackerone.com/reports/1772063","reference_id":"1772063","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:25:32Z/"}],"url":"https://hackerone.com/reports/1772063"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383598","reference_id":"383598","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:25:32Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383598"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4131.json","reference_id":"CVE-2022-4131.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:25:32Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4131.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerable
code.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4131"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2bg-sm27-2kac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265272?format=json","vulnerability_id":"VCID-a4kg-mmhm-jqhp","summary":"Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project 
members.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1352","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43346","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43374","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43312","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43364","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43379","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43399","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43367","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43352","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43411","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.434","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43334","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43268","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4327","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43192","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1352"},{"reference_url":"ht
tps://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1352"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4kg-mmhm-jqhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283866?format=json","vulnerability_id":"VCID-a6ef-nkmh-8ug5","summary":"In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing 
hash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4205","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23832","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23995","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23984","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23943","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24292","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24326","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24113","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2418","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24225","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24241","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24199","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24142","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24157","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24143","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2412","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4205"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/374082","reference_id":"374082","reference_type":"","scores":[{"value
":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:19:41Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/374082"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json","reference_id":"CVE-2022-4205.json","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:19:41Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6ef-nkmh-8ug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285270?format=json","vulnerability_id":"VCID-a6r2-gpzg-uqc3","summary":"An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. 
It was possible to trigger a resource depletion attack due to improper filtering of the number of requests to read commit details.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1072","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62233","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62278","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62294","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62288","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.6218","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62211","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62178","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62228","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62246","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62264","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62253","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62232","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62277","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62284","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62269","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1072"},{"referen
ce_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/219619","reference_id":"219619","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:32:50Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/219619"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json","reference_id":"CVE-2023-1072.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:32:50Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1072"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6r2-gpzg-uqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240458?format=json","vulnerability_id":"VCID-a8mk-ywzj-xbhx","summary":"An issue has been discovered in GitLab affecting all versions starting with 3.0.1. 
Improper access control allows demoted project members to access details on authored merge requests","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22176","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26676","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26766","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26552","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2662","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2667","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26675","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2663","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26572","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26578","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26551","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26511","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26451","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26445","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26387","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26254","published_at":"2026-05-05T12:
55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22176"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22176"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8mk-ywzj-xbhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240530?format=json","vulnerability_id":"VCID-ad6q-uvub-77ff","summary":"An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. 
Improper access control allows unauthorised users to access project details using Graphql.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22228","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45708","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45843","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45891","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45911","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45861","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45917","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45914","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45937","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45908","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45915","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45967","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45962","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45907","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45856","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45867","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.4581","published_at":"2026-04-29T12:55:00Z"
}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22228"},{"reference_url":"https://security.archlinux.org/ASA-202107-18","reference_id":"ASA-202107-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-18"},{"reference_url":"https://security.archlinux.org/AVG-2125","reference_id":"AVG-2125","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22228"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ad6q-uvub-77ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265666?format=json","vulnerability_id":"VCID-ayqz-bvxk-ckdx","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. 
GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1963","reference_id":"","reference_type":"","scores":[{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78586","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78593","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78623","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.7863","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78637","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78661","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78643","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78636","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78665","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78662","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78659","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78689","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78697","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01166","scoring_system":"epss","scoring_elements":"0.78736","pu
blished_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1963"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1963"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ayqz-bvxk-ckdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240444?format=json","vulnerability_id":"VCID-b1et-bsq2-cyfn","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.1. 
Incorrect headers on a specific project page allow an attacker to gain temporary read access to the private repository.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22167","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47916","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47985","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48023","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48044","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47994","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48047","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4804","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48065","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48041","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48053","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48105","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.481","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48056","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48037","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48049","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47997","published_at
":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22167"},{"reference_url":"https://security.archlinux.org/ASA-202101-10","reference_id":"ASA-202101-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-10"},{"reference_url":"https://security.archlinux.org/AVG-1416","reference_id":"AVG-1416","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1416"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22167"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1et-bsq2-cyfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285090?format=json","vulnerability_id":"VCID-b2qs-yzq6-jufu","summary":"An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. 
This addresses an incomplete fix for CVE-2022-4342.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0838","reference_id":"","reference_type":"","scores":[{"value":"0.00822","scoring_system":"epss","scoring_elements":"0.74408","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00822","scoring_system":"epss","scoring_elements":"0.74453","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00822","scoring_system":"epss","scoring_elements":"0.74463","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00822","scoring_system":"epss","scoring_elements":"0.74454","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00822","scoring_system":"epss","scoring_elements":"0.74417","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00822","scoring_system":"epss","scoring_elements":"0.74426","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00822","scoring_system":"epss","scoring_elements":"0.74446","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00822","scoring_system":"epss","scoring_elements":"0.74424","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00822","scoring_system":"epss","scoring_elements":"0.74375","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76483","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76484","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76496","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77111","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.7714","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0838"},{"reference_url":"https://hackerone.com/reports/1871136","reference_id":"1871136","ref
erence_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:59:35Z/"}],"url":"https://hackerone.com/reports/1871136"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/391685","reference_id":"391685","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:59:35Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/391685"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0838.json","reference_id":"CVE-2023-0838.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:59:35Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0838.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0838"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b2qs-yzq6-jufu"},{"url":"http://publi
c2.vulnerablecode.io/api/vulnerabilities/256723?format=json","vulnerability_id":"VCID-b4ff-s1xj-27fx","summary":"In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39875","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53163","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53153","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53202","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53169","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53222","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53216","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53267","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53253","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53273","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53279","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.5326","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53231","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00299","scoring_system":"
epss","scoring_elements":"0.53243","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53205","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39875"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39875"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4ff-s1xj-27fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240466?format=json","vulnerability_id":"VCID-bakk-7gzs-sfd8","summary":"A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust 
resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22181","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37876","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38269","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38405","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38292","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38343","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38351","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38368","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38331","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38306","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38332","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38268","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3811","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38086","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37993","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22181"},{"reference_ur
l":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22181"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bakk-7gzs-sfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240555?format=json","vulnerability_id":"VCID-bbhu-jsan-33hp","summary":"Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to 
view","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22245","reference_id":"","reference_type":"","scores":[{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60804","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60877","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60905","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.6087","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60919","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60935","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60957","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60965","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60971","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60956","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60947","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60959","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60951","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.609","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22245"}],"fixed_packages":[{"u
rl":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22245"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbhu-jsan-33hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279226?format=json","vulnerability_id":"VCID-bk4j-xsv9-3fh7","summary":"An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the 
URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3486","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59503","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59573","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5958","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59561","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59534","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59553","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.595","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59525","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59493","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59544","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59556","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59575","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59559","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5954","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3486"},{"reference_url":"https://hackerone.com/reports/1725190","reference_id":"1725190","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"},{"value":"Track","scoring
_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:27:47Z/"}],"url":"https://hackerone.com/reports/1725190"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377810","reference_id":"377810","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:27:47Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377810"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json","reference_id":"CVE-2022-3486.json","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:27:47Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3486"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bk4j-xsv9-3fh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256789?format=json","vulnerability_id":"VCID-buuk-gsy3-w7bp","summary":"In all versions of GitLab CE/EE starting 
version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39919","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20541","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20853","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21004","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2106","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20774","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20915","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20887","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20836","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20826","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20818","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.208","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20681","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20677","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20645","pu
blished_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39919"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39919"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-buuk-gsy3-w7bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265330?format=json","vulnerability_id":"VCID-bvmd-gmg3-eue2","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. 
GitLab was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1426","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4188","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42157","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42215","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42244","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42186","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42267","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42231","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42202","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42253","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42228","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4216","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42106","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42103","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4202","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/eps
s?cve=CVE-2022-1426"},{"reference_url":"https://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1426"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvmd-gmg3-eue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273447?format=json","vulnerability_id":"VCID-bzyn-9qku-1qh2","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. 
GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2533","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36993","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37027","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36855","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36921","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36929","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38028","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3779","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37695","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37582","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3809","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38066","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38111","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38091","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37813","published_at":"2026-04-
24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2533"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/363863","reference_id":"363863","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T19:31:57Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/363863"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2533.json","reference_id":"CVE-2022-2533.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T19:31:57Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2533.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2533"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzyn-9qku-1qh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279400?format=json","vulnerability_id":"VCID-c8pt-xn2d-9kbu","summary":"An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior 
to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3820","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30213","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30098","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30022","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30462","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30509","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30319","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30378","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30413","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30371","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30339","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30321","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30276","publ
ished_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3820"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/378638","reference_id":"378638","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T15:02:02Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/378638"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json","reference_id":"CVE-2022-3820.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T15:02:02Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3820"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8pt-xn2d-9kbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256725?format=json","vulnerability_id":"VCID-ccmp-4xq2-ayau","summary":"A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker 
to cause uncontrolled resource consumption with a specially crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39877","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38884","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39237","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39405","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39343","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39398","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39415","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39426","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39387","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39369","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39421","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39392","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39306","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39109","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39091","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39011","published_at":"2026-04-29T12:55:00Z"}],"url":"https:
//api.first.org/data/v1/epss?cve=CVE-2021-39877"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39877"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ccmp-4xq2-ayau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292354?format=json","vulnerability_id":"VCID-cdn5-zfvg-37a2","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. 
A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2442","reference_id":"","reference_type":"","scores":[{"value":"0.84363","scoring_system":"epss","scoring_elements":"0.99327","published_at":"2026-04-26T12:55:00Z"},{"value":"0.84363","scoring_system":"epss","scoring_elements":"0.99322","published_at":"2026-04-11T12:55:00Z"},{"value":"0.84363","scoring_system":"epss","scoring_elements":"0.99323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.84363","scoring_system":"epss","scoring_elements":"0.99325","published_at":"2026-04-18T12:55:00Z"},{"value":"0.84363","scoring_system":"epss","scoring_elements":"0.99324","published_at":"2026-04-21T12:55:00Z"},{"value":"0.84363","scoring_system":"epss","scoring_elements":"0.99326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.84363","scoring_system":"epss","scoring_elements":"0.99316","published_at":"2026-04-02T12:55:00Z"},{"value":"0.84363","scoring_system":"epss","scoring_elements":"0.99318","published_at":"2026-04-04T12:55:00Z"},{"value":"0.84363","scoring_system":"epss","scoring_elements":"0.99319","published_at":"2026-04-07T12:55:00Z"},{"value":"0.84363","scoring_system":"epss","scoring_elements":"0.99321","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2442"},{"reference_url":"https://hackerone.com/reports/1965750","reference_id":"1965750","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-07T16:29:40Z/"}],"url":"https://hackerone.com/reports/1965750"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/409346","reference_id":"409346","reference_type":"","scores":[{"value":"8.7","scori
ng_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-07T16:29:40Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/409346"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2442.json","reference_id":"CVE-2023-2442.json","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-07T16:29:40Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2442.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2442"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdn5-zfvg-37a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240453?format=json","vulnerability_id":"VCID-cjtt-uq2f-hbd5","summary":"Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases 
page","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22172","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4875","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48813","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4885","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48876","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4883","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48884","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48881","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48872","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48928","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48924","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48885","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48873","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48882","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48833","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22172"},{"reference_url":"https
://security.archlinux.org/ASA-202102-11","reference_id":"ASA-202102-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-11"},{"reference_url":"https://security.archlinux.org/AVG-1521","reference_id":"AVG-1521","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1521"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22172"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjtt-uq2f-hbd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256751?format=json","vulnerability_id":"VCID-ckry-v723-n7en","summary":"In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery 
attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39894","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37007","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37411","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37577","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37601","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37529","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37542","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37556","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37521","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37523","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37218","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37126","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39894"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"H
igh","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39894"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ckry-v723-n7en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285152?format=json","vulnerability_id":"VCID-crxk-a6uc-a7gh","summary":"A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU 
usage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0921","reference_id":"","reference_type":"","scores":[{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95738","published_at":"2026-05-05T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95718","published_at":"2026-04-16T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95722","published_at":"2026-04-18T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95723","published_at":"2026-04-29T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95725","published_at":"2026-04-24T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95724","published_at":"2026-04-26T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95684","published_at":"2026-04-02T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95689","published_at":"2026-04-04T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95692","published_at":"2026-04-07T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.957","published_at":"2026-04-08T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95704","published_at":"2026-04-09T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95708","published_at":"2026-04-12T12:55:00Z"},{"value":"0.21458","scoring_system":"epss","scoring_elements":"0.95709","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0921"},{"reference_url":"https://hackerone.com/reports/1869839","reference_id":"1869839","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:41:02Z/"}],"url":"http
s://hackerone.com/reports/1869839"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/392433","reference_id":"392433","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:41:02Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/392433"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json","reference_id":"CVE-2023-0921.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:41:02Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0921"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crxk-a6uc-a7gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283836?format=json","vulnerability_id":"VCID-ctkx-akra-t3bt","summary":"An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 
that allows for crafted, unapproved MRs to be introduced and merged without authorization","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4143","reference_id":"","reference_type":"","scores":[{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43575","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43602","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43539","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.4359","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43605","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43623","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43592","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43576","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43637","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43626","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43561","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43698","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43776","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.4357","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4143"},{"reference_url":"https://hackerone.com/reports/1
767639","reference_id":"1767639","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-03T19:58:44Z/"}],"url":"https://hackerone.com/reports/1767639"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383776","reference_id":"383776","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-03T19:58:44Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383776"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json","reference_id":"CVE-2022-4143.json","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-03T19:58:44Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4143"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-
ctkx-akra-t3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283867?format=json","vulnerability_id":"VCID-cxuk-gqse-mkf9","summary":"A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4206","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35677","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35912","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3588","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35793","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3629","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36323","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36157","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36208","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36225","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3623","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36193","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36168","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3621","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36194","published_at":"2026-
04-18T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36143","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4206"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383083","reference_id":"383083","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:43:00Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383083"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4206.json","reference_id":"CVE-2022-4206.json","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:43:00Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4206.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4206"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cxuk-gqse-mkf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264427?format=json","vulnerability_id":"VCID-d1vm-nxpd-1kfb","summary":"An 
issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that could cause the web application to redirect the request to the attacker specified URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0283","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36436","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36641","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36479","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.3653","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.3655","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36556","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36522","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36498","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36542","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36524","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.3647","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36243","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36212","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36126","publish
ed_at":"2026-04-29T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36008","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0283"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0283"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1vm-nxpd-1kfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283994?format=json","vulnerability_id":"VCID-d39z-kj36-6ubd","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. 
A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4365","reference_id":"","reference_type":"","scores":[{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71144","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71092","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71149","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71157","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71161","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71017","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71035","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.7101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71052","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71067","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.7109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71075","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71058","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71105","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4365"},{"reference_url
":"https://hackerone.com/reports/1792626","reference_id":"1792626","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:49:47Z/"}],"url":"https://hackerone.com/reports/1792626"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385193","reference_id":"385193","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:49:47Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385193"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4365.json","reference_id":"CVE-2022-4365.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:49:47Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4365.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4365"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulne
rablecode.io/vulnerabilities/VCID-d39z-kj36-6ubd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273380?format=json","vulnerability_id":"VCID-d4kh-973e-myad","summary":"A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2428","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53163","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59636","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59603","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59572","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59623","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59578","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59656","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60969","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.6096","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60971","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60964","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60955","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60936","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_e
lements":"0.60978","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60984","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2428"},{"reference_url":"https://hackerone.com/reports/1563379","reference_id":"1563379","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:48:19Z/"}],"url":"https://hackerone.com/reports/1563379"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/362272","reference_id":"362272","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:48:19Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/362272"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json","reference_id":"CVE-2022-2428.json","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:48:19Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulne
rabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2428"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4kh-973e-myad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284637?format=json","vulnerability_id":"VCID-d8a7-j1w1-p7c2","summary":"An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0155","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30403","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34541","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34504","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3448","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34516","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34502","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34463","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34087","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34068","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33983","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34469","published_at":"2026-04-07T12:55:00Z"},{"val
ue":"0.00142","scoring_system":"epss","scoring_elements":"0.34512","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34543","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39178","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.392","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0155"},{"reference_url":"https://hackerone.com/reports/1817250","reference_id":"1817250","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:37:46Z/"}],"url":"https://hackerone.com/reports/1817250"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387638","reference_id":"387638","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:37:46Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387638"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json","reference_id":"CVE-2023-0155.json","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:37:46Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url"
:"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0155"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d8a7-j1w1-p7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283793?format=json","vulnerability_id":"VCID-d91h-tcch-t3ct","summary":"An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request 
headers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4054","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45462","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.4574","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45689","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45619","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45627","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45568","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45676","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45696","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45644","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45699","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45718","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45688","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45746","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4054"},{"reference_url":"https://hackerone.com/reports/1758126","reference_id":"1758126","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","
scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:15:23Z/"}],"url":"https://hackerone.com/reports/1758126"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/382260","reference_id":"382260","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:15:23Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/382260"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4054.json","reference_id":"CVE-2022-4054.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:15:23Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4054.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4054"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d91h-tcch-t3ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256753?format=json","vulnerability_id":"VCID-dana-dyhj-4yec","summary":"In all versions of GitLab CE/EE since 
version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39895","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51378","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51385","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51436","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51463","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51423","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51476","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51474","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51518","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51497","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51484","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51526","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51535","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51513","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51466","published_at":"2026-04-24T12:55:00Z
"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51473","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51434","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39895"},{"reference_url":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39895"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dana-dyhj-4yec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240461?format=json","vulnerability_id":"VCID-ddrf-4kkt-2fdk","summary":"An issue has been discovered in GitLab affecting all versions starting from 13.2. 
GitLab was vulnerable to an SSRF attack through the Prometheus integration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22178","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50868","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50909","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50966","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51006","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5097","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51013","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50991","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50938","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50946","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50908","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50834","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22178"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api
/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22178"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddrf-4kkt-2fdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256721?format=json","vulnerability_id":"VCID-dfrd-2pjx-4ba4","summary":"In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error 
response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39873","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50853","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5089","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50944","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50969","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50927","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50984","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50981","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51024","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51003","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50987","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51031","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51009","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50957","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50965","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50926","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39873"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"H
igh","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39873"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfrd-2pjx-4ba4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292034?format=json","vulnerability_id":"VCID-dnfu-5u32-3qe6","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. 
A reflected XSS was possible when creating new abuse reports which allows attackers to perform arbitrary actions on behalf of victims.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2015","reference_id":"","reference_type":"","scores":[{"value":"0.08098","scoring_system":"epss","scoring_elements":"0.92173","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08098","scoring_system":"epss","scoring_elements":"0.9215","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08098","scoring_system":"epss","scoring_elements":"0.92153","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08098","scoring_system":"epss","scoring_elements":"0.92158","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08098","scoring_system":"epss","scoring_elements":"0.92164","published_at":"2026-04-16T12:55:00Z"},{"value":"0.08098","scoring_system":"epss","scoring_elements":"0.92162","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08098","scoring_system":"epss","scoring_elements":"0.92166","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08098","scoring_system":"epss","scoring_elements":"0.92163","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08098","scoring_system":"epss","scoring_elements":"0.92134","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08098","scoring_system":"epss","scoring_elements":"0.92139","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09365","scoring_system":"epss","scoring_elements":"0.92753","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2015"},{"reference_url":"https://hackerone.com/reports/1941091","reference_id":"1941091","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:47:55Z/"}],"url":"https://hackerone.com/reports/1941091"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/
issues/407137","reference_id":"407137","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:47:55Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/407137"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2015.json","reference_id":"CVE-2023-2015.json","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:47:55Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2015.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnfu-5u32-3qe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240542?format=json","vulnerability_id":"VCID-dpda-b429-ske5","summary":"Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. 
This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22237","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38502","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38857","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39009","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3894","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38993","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39019","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38983","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38956","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39003","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.389","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38737","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38713","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38625","published_at":"2026-04-29T12:55:00Z"}],"url
":"https://api.first.org/data/v1/epss?cve=CVE-2021-22237"},{"reference_url":"https://security.archlinux.org/ASA-202108-7","reference_id":"ASA-202108-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-7"},{"reference_url":"https://security.archlinux.org/AVG-2251","reference_id":"AVG-2251","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22237"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpda-b429-ske5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292157?format=json","vulnerability_id":"VCID-dq4q-mw69-q3gg","summary":"An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. 
A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2181","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.5893","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59004","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58983","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58965","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58982","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58969","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58938","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58961","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58927","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58984","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59003","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58985","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58966","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve
=CVE-2023-2181"},{"reference_url":"https://hackerone.com/reports/1938185","reference_id":"1938185","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:46:53Z/"}],"url":"https://hackerone.com/reports/1938185"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/407859","reference_id":"407859","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:46:53Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/407859"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json","reference_id":"CVE-2023-2181.json","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:46:53Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"res
ource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dq4q-mw69-q3gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265134?format=json","vulnerability_id":"VCID-dszf-bnkn-mycs","summary":"An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1105","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42062","published_at":"2026-04-01T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42123","published_at":"2026-04-02T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42151","published_at":"2026-04-04T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42088","published_at":"2026-04-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4215","published_at":"2026-04-09T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42172","published_at":"2026-04-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42135","published_at":"2026-04-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42162","published_at":"2026-04-16T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42136","published_at":"2026-04-18T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42066","published_at":"2026-04-21T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42008","published_at":"2026
-04-24T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42003","published_at":"2026-04-26T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4192","published_at":"2026-04-29T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41777","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1105"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1105"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dszf-bnkn-mycs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283935?format=json","vulnerability_id":"VCID-du8z-6hwa-r3cz","summary":"An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. 
Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4289","reference_id":"","reference_type":"","scores":[{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.84923","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.8494","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.84945","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.84968","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.84975","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.8499","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.84989","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.84985","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.85005","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.85007","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.85004","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.85029","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.85037","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.85036","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.85052","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4289"}],"f
ixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4289"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-du8z-6hwa-r3cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284566?format=json","vulnerability_id":"VCID-dvub-kdg8-m3ba","summary":"An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. 
A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0050","reference_id":"","reference_type":"","scores":[{"value":"0.59625","scoring_system":"epss","scoring_elements":"0.98269","published_at":"2026-05-05T12:55:00Z"},{"value":"0.59625","scoring_system":"epss","scoring_elements":"0.98249","published_at":"2026-04-08T12:55:00Z"},{"value":"0.59625","scoring_system":"epss","scoring_elements":"0.9825","published_at":"2026-04-09T12:55:00Z"},{"value":"0.59625","scoring_system":"epss","scoring_elements":"0.98253","published_at":"2026-04-13T12:55:00Z"},{"value":"0.59625","scoring_system":"epss","scoring_elements":"0.98259","published_at":"2026-04-21T12:55:00Z"},{"value":"0.59625","scoring_system":"epss","scoring_elements":"0.9826","published_at":"2026-04-18T12:55:00Z"},{"value":"0.59625","scoring_system":"epss","scoring_elements":"0.98262","published_at":"2026-04-24T12:55:00Z"},{"value":"0.59625","scoring_system":"epss","scoring_elements":"0.98264","published_at":"2026-04-26T12:55:00Z"},{"value":"0.59625","scoring_system":"epss","scoring_elements":"0.98263","published_at":"2026-04-29T12:55:00Z"},{"value":"0.65254","scoring_system":"epss","scoring_elements":"0.98471","published_at":"2026-04-02T12:55:00Z"},{"value":"0.65254","scoring_system":"epss","scoring_elements":"0.98474","published_at":"2026-04-04T12:55:00Z"},{"value":"0.65254","scoring_system":"epss","scoring_elements":"0.98476","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0050"},{"reference_url":"https://hackerone.com/reports/1731349","reference_id":"1731349","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/
2025-02-28T21:28:22Z/"}],"url":"https://hackerone.com/reports/1731349"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387023","reference_id":"387023","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:28:22Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387023"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0050.json","reference_id":"CVE-2023-0050.json","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:28:22Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0050.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0050"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvub-kdg8-m3ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240578?format=json","vulnerability_id":"VCID-e3uk-9c9y-v3h2","summary":"A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 
14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22261","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41849","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41914","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41942","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4187","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4192","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41931","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41955","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41919","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41906","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41956","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41795","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41788","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41707","published_at":"2026-04
-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41566","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22261"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22261"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3uk-9c9y-v3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256759?format=json","vulnerability_id":"VCID-e49b-ph77-4kcp","summary":"Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails 
logs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39900","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43064","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43296","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43353","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4338","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43318","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4337","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43385","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43405","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43373","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43358","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43417","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43406","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4334","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43273","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43275","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43197","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39900"},{"reference_url":"htt
ps://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39900"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e49b-ph77-4kcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279106?format=json","vulnerability_id":"VCID-eag7-wvsz-ukdf","summary":"Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to 
GitLab","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3285","reference_id":"","reference_type":"","scores":[{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.56979","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57095","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.5703","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57048","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57074","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57096","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57073","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57124","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57125","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57137","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57116","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57093","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57121","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3285"},{"reference_url":"https://gitlab.com/gitlab-org/security/omnibus-gitlab/-/issues/64","reference_id":"64","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T1
9:24:24Z/"}],"url":"https://gitlab.com/gitlab-org/security/omnibus-gitlab/-/issues/64"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3285.json","reference_id":"CVE-2022-3285.json","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:24:24Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3285.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3285"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eag7-wvsz-ukdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264492?format=json","vulnerability_id":"VCID-eh9j-1jam-ryc8","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. 
GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0371","reference_id":"","reference_type":"","scores":[{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51506","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51558","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51584","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51545","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51599","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51596","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51646","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51625","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.5165","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51657","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51635","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51587","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51593","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51553","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_eleme
nts":"0.51497","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0371"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0371"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eh9j-1jam-ryc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279398?format=json","vulnerability_id":"VCID-et8t-h58x-mybc","summary":"An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab 
instance.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3818","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4087","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41094","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41089","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41008","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41275","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41304","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41228","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41279","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41287","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41308","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41263","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41306","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41204","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3818"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/358170","reference_id":"358170","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"v
alue":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:21:10Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/358170"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3818.json","reference_id":"CVE-2022-3818.json","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:21:10Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3818.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3818"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-et8t-h58x-mybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240527?format=json","vulnerability_id":"VCID-ewf1-jsf4-nqe8","summary":"Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 
13.9","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22226","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40926","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41008","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4104","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40965","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41014","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41022","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41005","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40989","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41031","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41002","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40924","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4083","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40817","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40733","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22226"},{"reference_url":"https://security.archlinux.org/ASA-202107-18","reference_id":"ASA-202107-18","reference_type":"","scores":[],"url":
"https://security.archlinux.org/ASA-202107-18"},{"reference_url":"https://security.archlinux.org/AVG-2125","reference_id":"AVG-2125","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22226"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewf1-jsf4-nqe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240538?format=json","vulnerability_id":"VCID-ewgh-vf6w-byh8","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. 
A specially crafted design image allowed attackers to read arbitrary files on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22234","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38394","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38531","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38419","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38469","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38477","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38493","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38455","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3843","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38457","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38393","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38236","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38214","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38007","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22234"}],"fixed_packages":[{"url":"http://public2.vuln
erablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22234"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewgh-vf6w-byh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279243?format=json","vulnerability_id":"VCID-f3x4-fgv1-kqeu","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. 
A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3513","reference_id":"","reference_type":"","scores":[{"value":"0.23643","scoring_system":"epss","scoring_elements":"0.96019","published_at":"2026-05-05T12:55:00Z"},{"value":"0.23643","scoring_system":"epss","scoring_elements":"0.95984","published_at":"2026-04-08T12:55:00Z"},{"value":"0.23643","scoring_system":"epss","scoring_elements":"0.95987","published_at":"2026-04-09T12:55:00Z"},{"value":"0.23643","scoring_system":"epss","scoring_elements":"0.9599","published_at":"2026-04-12T12:55:00Z"},{"value":"0.23643","scoring_system":"epss","scoring_elements":"0.95993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.23643","scoring_system":"epss","scoring_elements":"0.96002","published_at":"2026-04-16T12:55:00Z"},{"value":"0.23643","scoring_system":"epss","scoring_elements":"0.96007","published_at":"2026-04-18T12:55:00Z"},{"value":"0.23643","scoring_system":"epss","scoring_elements":"0.96009","published_at":"2026-04-26T12:55:00Z"},{"value":"0.23643","scoring_system":"epss","scoring_elements":"0.96008","published_at":"2026-04-29T12:55:00Z"},{"value":"0.23643","scoring_system":"epss","scoring_elements":"0.95975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.24956","scoring_system":"epss","scoring_elements":"0.96142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.24956","scoring_system":"epss","scoring_elements":"0.96135","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3513"},{"reference_url":"https://hackerone.com/reports/1728015","reference_id":"1728015","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scor
ing_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:12:22Z/"}],"url":"https://hackerone.com/reports/1728015"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377970","reference_id":"377970","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:12:22Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377970"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3513.json","reference_id":"CVE-2022-3513.json","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:12:22Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3513.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3513"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3x4-fgv1-kqeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285782?format=json","vulnerability_id":"VCID-f54b-es39-zkeu","summary":"A cross-site scripting issue has been discovered in GitLab affecting 
all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in \"raw\" mode, it can be made to render as HTML if viewed under specific circumstances","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1836","reference_id":"","reference_type":"","scores":[{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77244","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.7892","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.78935","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.78954","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.78952","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.78981","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.78987","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.79004","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.78914","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.78896","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.78885","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.78926","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.7895","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1836"},{"reference_url":"https://hackerone.com/reports/1923293","reference_id":"1923293","refe
rence_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:46:31Z/"}],"url":"https://hackerone.com/reports/1923293"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/404613","reference_id":"404613","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:46:31Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/404613"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json","reference_id":"CVE-2023-1836.json","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:46:31Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f54b-es39-zkeu"},{"url":"http://public
2.vulnerablecode.io/api/vulnerabilities/256762?format=json","vulnerability_id":"VCID-f663-qdnt-4fhz","summary":"Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39902","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45083","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4532","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45342","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45285","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4534","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45362","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4533","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45332","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45379","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45329","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45246","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45187","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-399
02"},{"reference_url":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39902"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f663-qdnt-4fhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264306?format=json","vulnerability_id":"VCID-fhyb-ywht-fubs","summary":"An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. 
GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0152","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35799","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.36018","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3585","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.359","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35923","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35929","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35888","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35864","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35904","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35891","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35843","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35615","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35584","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35497","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35381","published_at":"2026-05-05T12:55:00
Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0152"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0152"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhyb-ywht-fubs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/278994?format=json","vulnerability_id":"VCID-fjvt-kscp-fqge","summary":"An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. 
It was possible for an unauthorised user to create issues in a project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3066","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37738","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37763","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37641","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37692","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37706","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38983","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38881","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38718","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38694","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38605","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38483","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38963","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38936","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3066"},{"reference_url":"https://hackerone.com/reports/1685105","reference_id":"1685105","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"C
VSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:18:30Z/"}],"url":"https://hackerone.com/reports/1685105"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/372149","reference_id":"372149","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:18:30Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/372149"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3066.json","reference_id":"CVE-2022-3066.json","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:18:30Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3066.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3066"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjvt-kscp-fqge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273443?format=json","vulnerability_id":"VCID-fmby
-pwvt-ybg3","summary":"An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2527","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.5747","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64822","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64804","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64796","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64768","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64806","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64817","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64834","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64831","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65899","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65869","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65835","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65887","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00498","scoring_system":"epss
","scoring_elements":"0.65839","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65917","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2527"},{"reference_url":"https://hackerone.com/reports/1647446","reference_id":"1647446","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:34:31Z/"}],"url":"https://hackerone.com/reports/1647446"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/368676","reference_id":"368676","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:34:31Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/368676"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2527.json","reference_id":"CVE-2022-2527.json","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T19:34:31Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2527.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affec
ted_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2527"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmby-pwvt-ybg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265139?format=json","vulnerability_id":"VCID-fnr8-6jma-guag","summary":"A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1111","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4145","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41372","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41239","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48094","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48147","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48142","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48166","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48139","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48086","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48202","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00249","scoring_system":
"epss","scoring_elements":"0.48197","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48133","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4815","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48123","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48144","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1111"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1111"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnr8-6jma-guag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284738?format=json","vulnerability_id":"VCID-fvqd-dnqf-8fdd","summary":"An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project members 
only.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0319","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70245","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70196","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70183","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70225","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70234","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70213","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70265","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70272","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70271","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70171","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70187","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70211","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71958","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71938","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0319"},{"reference_url":"https://hackerone.com/reports/1817586","reference_id":"1817586","reference_type":"","scores":[{"value":"5.8","sco
ring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:09:07Z/"}],"url":"https://hackerone.com/reports/1817586"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/388096","reference_id":"388096","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:09:07Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/388096"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0319.json","reference_id":"CVE-2023-0319.json","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:09:07Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0319.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0319"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fvqd-dnqf-8fdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2405
79?format=json","vulnerability_id":"VCID-ge5p-j2j1-j3dr","summary":"Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22262","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36165","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3636","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36392","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36227","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36298","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36304","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36267","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36243","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36287","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36271","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36219","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35987","published_at":"2026
-04-24T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35955","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35867","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35751","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22262"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22262"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ge5p-j2j1-j3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240469?format=json","vulnerability_id":"VCID-gg49-yk1p-tyfr","summary":"An issue has been discovered in GitLab affecting all versions starting with 11.8. 
GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22183","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38161","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38298","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38321","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3819","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3824","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38248","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38267","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38231","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38207","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38254","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38234","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38166","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38002","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37979","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37883","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37768","published_at":"2026-05-05T12:55:00Z"}]
,"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22183"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22183"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gg49-yk1p-tyfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279104?format=json","vulnerability_id":"VCID-gj1u-z63z-u3hj","summary":"A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Cloning an issue with specially crafted content added to the description could have been used to trigger high CPU 
usage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3283","reference_id":"","reference_type":"","scores":[{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63228","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69335","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69352","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69362","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69342","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69393","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69401","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69406","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69287","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69268","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69317","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69357","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69313","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3283"},{"reference_url":"https://hackerone.com/reports/1543718","reference_id":"1543718","reference_type":"","scores":[{"value":"7.5","sc
oring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:45:58Z/"}],"url":"https://hackerone.com/reports/1543718"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/361982","reference_id":"361982","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:45:58Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/361982"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json","reference_id":"CVE-2022-3283.json","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:45:58Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3283"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gj1u-z63z-u3hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256
776?format=json","vulnerability_id":"VCID-gvwq-zqmf-ruak","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39910","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39121","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3947","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39642","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39559","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39613","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39628","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39638","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39601","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39585","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39636","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39606","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39523","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39343","published_at":"2026-04-24T1
2:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39328","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39246","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39910"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39910"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvwq-zqmf-ruak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240491?format=json","vulnerability_id":"VCID-gwem-yat3-ebat","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR having source and target branch pointing to each 
other","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22197","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57576","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57546","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57631","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57652","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57682","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57685","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.577","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57679","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57659","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57689","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57664","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57622","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57642","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.5762","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22197"},{"reference_url":"https://security.archlinux.org/AVG-1770","reference_id":"AVG-1770","reference_type":"","scores":[{"value":"Critica
l","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22197"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwem-yat3-ebat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264825?format=json","vulnerability_id":"VCID-gyux-nx2t-w3bc","summary":"Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email 
addresses.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0741","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50744","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.508","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50826","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50784","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50839","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5088","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50857","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50842","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50886","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50864","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50813","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50822","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50782","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50705","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0741"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8
%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0741"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyux-nx2t-w3bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/278995?format=json","vulnerability_id":"VCID-h147-6yrd-8ubf","summary":"An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. 
It was possible for an authenticated user to read arbitrary projects' content given the project's ID.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3067","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.4581","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45866","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45856","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45962","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45907","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45915","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45967","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45707","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47494","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47493","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47442","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47472","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47516","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3067"},{"reference_url":"https://hackerone.com/reports/1685822","reference_id":"1685822","reference_type":"","scores":[{"value":"6.5","scoring_system":"cv
ssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:05:38Z/"}],"url":"https://hackerone.com/reports/1685822"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/372165","reference_id":"372165","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:05:38Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/372165"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3067.json","reference_id":"CVE-2022-3067.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:05:38Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3067.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3067"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h147-6yrd-8ubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265387?format=json",
"vulnerability_id":"VCID-h267-4vt1-fyhn","summary":"It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1545","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49361","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49389","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49416","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.4937","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49424","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.4942","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49438","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49412","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49458","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49455","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49415","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49426","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0026","scori
ng_system":"epss","scoring_elements":"0.49381","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49296","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1545"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1545"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h267-4vt1-fyhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265167?format=json","vulnerability_id":"VCID-h2d4-85z3-rfe3","summary":"Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in 
notes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1175","reference_id":"","reference_type":"","scores":[{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93153","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93162","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93165","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93174","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93178","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93181","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93183","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93199","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93203","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93211","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93217","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.93215","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10323","scoring_system":"epss","scoring_elements":"0.9322","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1175"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50889.txt","reference_id":"CVE-20
22-1175","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50889.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1175"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2d4-85z3-rfe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273247?format=json","vulnerability_id":"VCID-h31e-d7a4-nya5","summary":"Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain 
conditions","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2227","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36952","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36986","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36817","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36869","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36893","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36857","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36832","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36876","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36859","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36575","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36544","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36455","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36339","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2227"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?di
stro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2227"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h31e-d7a4-nya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264493?format=json","vulnerability_id":"VCID-h4cb-63qp-h7hy","summary":"Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0373","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50752","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50808","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50834","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50792","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50849","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50847","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50888","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50865","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_s
ystem":"epss","scoring_elements":"0.5085","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50895","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50873","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50823","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50832","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5079","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50714","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0373"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4cb-63qp-h7hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256786?format=json","vulnerability_id":"VCID-h8td-pdxx-y7en","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. 
A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39917","reference_id":"","reference_type":"","scores":[{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59769","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59687","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.5976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59784","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59753","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59805","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59818","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59838","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59822","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59804","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59841","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59848","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59832","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59803","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59821","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.5980
6","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39917"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39917"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8td-pdxx-y7en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79694?format=json","vulnerability_id":"VCID-h8yw-kg7e-cqak","summary":"gitlab: An authorization logic error in the External Status Check API in GitLab 
EE","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39943.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39943.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39943","reference_id":"","reference_type":"","scores":[{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47613","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47652","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47672","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47622","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47677","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47681","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47739","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47731","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47684","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47619","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47534","published_at
":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39943"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2052909","reference_id":"2052909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2052909"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39943"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8yw-kg7e-cqak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265322?format=json","vulnerability_id":"VCID-hawe-rs16-37bf","summary":"Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS 
styling","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1416","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35476","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35894","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36085","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36115","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3595","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36023","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36029","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35991","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35965","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36004","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3599","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35939","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3571","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35679","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3559","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1416"},{"reference_url":"https:/
/security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1416"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hawe-rs16-37bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266412?format=json","vulnerability_id":"VCID-hd2f-p7zx-vqcp","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. 
Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2512","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30976","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31655","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31699","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31517","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.316","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31563","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31526","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31559","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31537","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31504","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31331","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31204","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31124","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2512"},{"referenc
e_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2512"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hd2f-p7zx-vqcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266420?format=json","vulnerability_id":"VCID-hfyr-23g4-y7e5","summary":"An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. 
Note that GitLab never asks for nor stores the private key.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2095","reference_id":"","reference_type":"","scores":[{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68971","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.6885","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68871","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68851","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68901","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68919","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68942","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68928","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68899","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68939","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.6895","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68929","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.6898","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68986","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68991","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2095"},{"reference_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2
785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2095"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfyr-23g4-y7e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224026?format=json","vulnerability_id":"VCID-hrbv-6bwd-a3hz","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.4. 
The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26414","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.502","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50263","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50303","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50332","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.5028","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50333","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50355","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.5033","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50319","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50364","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50367","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50343","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50316","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50278","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-
2020-26414"},{"reference_url":"https://security.archlinux.org/ASA-202101-10","reference_id":"ASA-202101-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-10"},{"reference_url":"https://security.archlinux.org/AVG-1416","reference_id":"AVG-1416","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1416"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2020-26414"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hrbv-6bwd-a3hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284876?format=json","vulnerability_id":"VCID-htj9-mwan-ufcr","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. 
It was possible to trigger a DoS attack by uploading a malicious Helm chart.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0518","reference_id":"","reference_type":"","scores":[{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.828","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.82826","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.82806","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.83987","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.83997","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.83993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.84018","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.84019","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.84021","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.84047","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.83955","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.83958","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.83981","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.83939","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.84003","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0518"},{"reference_url":"https://hackerone.com/reports/1766973","refe
rence_id":"1766973","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:13:52Z/"}],"url":"https://hackerone.com/reports/1766973"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383082","reference_id":"383082","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:13:52Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383082"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0518.json","reference_id":"CVE-2023-0518.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:13:52Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0518.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0518"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-htj9-mwan-ufc
r"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240531?format=json","vulnerability_id":"VCID-j2d6-26gv-j3f9","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22229","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41742","published_at":"2026-05-05T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42027","published_at":"2026-04-01T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42115","published_at":"2026-04-04T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42052","published_at":"2026-04-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42104","published_at":"2026-04-08T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42116","published_at":"2026-04-09T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42137","published_at":"2026-04-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.421","published_at":"2026-04-18T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4203","published_at":"2026-04-21T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41973","published_at":"2026-04-24T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41967","published_at":"2026-04-2
6T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41883","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22229"},{"reference_url":"https://security.archlinux.org/ASA-202107-18","reference_id":"ASA-202107-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-18"},{"reference_url":"https://security.archlinux.org/AVG-2125","reference_id":"AVG-2125","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22229"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2d6-26gv-j3f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240479?format=json","vulnerability_id":"VCID-j36a-731v-6kc1","summary":"Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication 
issues.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22189","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25502","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.2557","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25607","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25379","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25448","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25496","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25508","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25465","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25408","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25414","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25404","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25371","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25335","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25328","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25283","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25165","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22189"}],"fixed_packages":[{"url":"http:/
/public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22189"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j36a-731v-6kc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265179?format=json","vulnerability_id":"VCID-j3j2-36rk-7kfm","summary":"Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, 
etc.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1190","reference_id":"","reference_type":"","scores":[{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77023","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77026","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77019","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77054","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77061","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77074","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77065","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01651","scoring_system":"epss","scoring_elements":"0.8202","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01651","scoring_system":"epss","scoring_elements":"0.81946","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01651","scoring_system":"epss","scoring_elements":"0.82013","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01651","scoring_system":"epss","scoring_elements":"0.81957","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01651","scoring_system":"epss","scoring_elements":"0.8198","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01651","scoring_system":"epss","scoring_elements":"0.81976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01651","scoring_system":"epss","scoring_elements":"0.82003","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01651","scoring_system":"epss","scoring_elements":"0.82011","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01651","scoring_system":"epss","scoring_elements":"0.8203","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1190"}],"fixed_packages":[{"url":"http://public2.vul
nerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j3j2-36rk-7kfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256769?format=json","vulnerability_id":"VCID-j6gp-wgz9-17h6","summary":"Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's 
behalf.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39906","reference_id":"","reference_type":"","scores":[{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78863","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.7872","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78728","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78759","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78741","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78767","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78774","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78797","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.7878","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.788","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78798","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78793","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78821","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78827","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01183","scoring_system":"epss","scoring_elements":"0.78844","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39906"},{"reference_url":"ht
tps://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39906"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6gp-wgz9-17h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/278991?format=json","vulnerability_id":"VCID-j768-de1g-puhu","summary":"Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary 
requests","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3060","reference_id":"","reference_type":"","scores":[{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63417","published_at":"2026-05-05T12:55:00Z"},{"value":"0.006","scoring_system":"epss","scoring_elements":"0.6954","published_at":"2026-04-24T12:55:00Z"},{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69487","published_at":"2026-04-21T12:55:00Z"},{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69471","published_at":"2026-04-12T12:55:00Z"},{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69457","published_at":"2026-04-13T12:55:00Z"},{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69496","published_at":"2026-04-16T12:55:00Z"},{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69506","published_at":"2026-04-18T12:55:00Z"},{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69547","published_at":"2026-04-26T12:55:00Z"},{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69551","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.7029","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70252","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70229","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70275","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70235","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70314","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3060"},{"reference_url":"https://hackerone.com/reports/1600343","reference_id":"1600343","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.
1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T16:19:48Z/"}],"url":"https://hackerone.com/reports/1600343"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/365427","reference_id":"365427","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T16:19:48Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/365427"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3060.json","reference_id":"CVE-2022-3060.json","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T16:19:48Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3060.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3060"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j768-de1g-puhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256798?format=json","vuln
erability_id":"VCID-j8nr-cgq2-ubf9","summary":"Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39930","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47643","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47719","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47757","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47777","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47776","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47801","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47787","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47842","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47834","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47727","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39930"},{"reference_url":"https://security.archlinux.org/AVG-2604","reference_id":"AVG-2604","reference_type":"","scores
":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2604"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39930"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8nr-cgq2-ubf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264291?format=json","vulnerability_id":"VCID-jbhs-qrhe-u7hf","summary":"A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. 
GitLab was vulnerable to a blind SSRF attack through the Project Import feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0136","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41846","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41911","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41939","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41866","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41917","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41927","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41951","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41916","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41953","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41926","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41855","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41783","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41704","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41563","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0136"}],"fixed_packages":[{"url":"http://public2.vulnerablecode
.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0136"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbhs-qrhe-u7hf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285701?format=json","vulnerability_id":"VCID-jes6-h7ua-k7e4","summary":"An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from the clipboard, allowing unexpected commands to be executed on the victim's 
machine.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1708","reference_id":"","reference_type":"","scores":[{"value":"0.04492","scoring_system":"epss","scoring_elements":"0.89092","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04492","scoring_system":"epss","scoring_elements":"0.8913","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04492","scoring_system":"epss","scoring_elements":"0.89134","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04492","scoring_system":"epss","scoring_elements":"0.8912","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04492","scoring_system":"epss","scoring_elements":"0.89122","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04492","scoring_system":"epss","scoring_elements":"0.89125","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04492","scoring_system":"epss","scoring_elements":"0.89114","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04492","scoring_system":"epss","scoring_elements":"0.89109","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05171","scoring_system":"epss","scoring_elements":"0.89941","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05171","scoring_system":"epss","scoring_elements":"0.89929","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05171","scoring_system":"epss","scoring_elements":"0.89928","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05171","scoring_system":"epss","scoring_elements":"0.89927","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06427","scoring_system":"epss","scoring_elements":"0.91012","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06427","scoring_system":"epss","scoring_elements":"0.91021","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1708"},{"reference_url":"https://hackerone.com/reports/1805604","reference_id":"1805604","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","s
coring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:51:48Z/"}],"url":"https://hackerone.com/reports/1805604"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387185","reference_id":"387185","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:51:48Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387185"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json","reference_id":"CVE-2023-1708.json","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:51:48Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1708"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jes6-h7ua-k7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285269?format=json","vulnerability_id":"VCID-jjyp-4p8z-kufj","summary":"An issue has been discovered in GitLab 
affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1071","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17618","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17572","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26386","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26656","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26598","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2659","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26518","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26693","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26761","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26811","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26815","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26769","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26713","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2672","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements
":"0.26691","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1071"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385434","reference_id":"385434","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:58:37Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385434"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1071.json","reference_id":"CVE-2023-1071.json","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:58:37Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1071.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1071"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjyp-4p8z-kufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240570?format=json","vulnerability_id":"VCID-jr1u-sfzc-5kgr","summary":"Under very specific conditions a user could be impersonated using Gitlab 
shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22254","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50782","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50838","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50864","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50878","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50918","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50896","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50924","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50904","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50853","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50861","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50744","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22254"}],"fixed_packages":[{"url":"http://publi
c2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22254"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jr1u-sfzc-5kgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264269?format=json","vulnerability_id":"VCID-jxuk-mn5f-vkav","summary":"An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. 
GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0090","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50466","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50523","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5055","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50504","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50558","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50555","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50597","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50574","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50602","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50606","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50584","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50533","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50541","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50495","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00271","scoring
_system":"epss","scoring_elements":"0.50415","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0090"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0090"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxuk-mn5f-vkav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285499?format=json","vulnerability_id":"VCID-jy9p-jeet-byb9","summary":"An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. 
It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1417","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69677","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69636","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69621","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69607","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69646","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69655","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69689","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69697","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69702","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69547","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69597","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69614","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00696","scoring_system":"epss","scoring_elements":"0.719","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00696","scoring_system":"epss","scoring_elements":"0.71881","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1417"},{"reference_url":"https://hackerone.com/reports/1892200","reference_id":"1892200","reference_type":"","scores":[{"value":"4.3","scoring_system"
:"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:26:20Z/"}],"url":"https://hackerone.com/reports/1892200"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/396720","reference_id":"396720","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:26:20Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/396720"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1417.json","reference_id":"CVE-2023-1417.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:26:20Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1417.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1417"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jy9p-jeet-byb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240517?format=js
on","vulnerability_id":"VCID-k29f-m5ey-f3d6","summary":"All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22218","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31118","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31672","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31804","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31848","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31668","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31719","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31749","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31752","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31712","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31677","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31709","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31687","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31654","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31477","published_
at":"2026-04-24T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3135","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31269","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22218"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22218"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k29f-m5ey-f3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284562?format=json","vulnerability_id":"VCID-k2ky-z72d-pkdp","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. 
GitLab Pages allows redirection to arbitrary protocols.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0042","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39121","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39343","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39328","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39246","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39642","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39559","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39613","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39628","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39637","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39601","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39584","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39635","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39606","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39522","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0042"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab-pages/-/issues/728","reference_id":"728","
reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:40:59Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab-pages/-/issues/728"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0042.json","reference_id":"CVE-2023-0042.json","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:40:59Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0042.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0042"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2ky-z72d-pkdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273692?format=json","vulnerability_id":"VCID-k32v-rex9-tkbx","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. 
It was possible to read repository content by an unauthorised user if a project member used a crafted link.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2907","reference_id":"","reference_type":"","scores":[{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67262","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67259","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67279","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67265","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.6723","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67277","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67257","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67288","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67289","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67194","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67218","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67245","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2907"},{"reference_url":"https://hackerone.com/reports/1417680","reference_id":"1417680","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","s
coring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T17:42:23Z/"}],"url":"https://hackerone.com/reports/1417680"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/349388","reference_id":"349388","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T17:42:23Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/349388"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2907.json","reference_id":"CVE-2022-2907.json","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T17:42:23Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2907.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2907"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/V
CID-k32v-rex9-tkbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240500?format=json","vulnerability_id":"VCID-k8rh-pg4b-nubu","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22203","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47191","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47272","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47308","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47329","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47275","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.4733","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47327","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47351","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47325","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47332","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.4739","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47384","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47335","published_at":"2
026-04-21T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.4732","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22203"},{"reference_url":"https://security.archlinux.org/AVG-1770","reference_id":"AVG-1770","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22203"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8rh-pg4b-nubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240481?format=json","vulnerability_id":"VCID-kacu-wtbz-7bf4","summary":"A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT 
token","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22190","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56261","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56364","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56386","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56417","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56423","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56436","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56392","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56424","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56425","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56396","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56323","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56342","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56321","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56275","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22190"}],"fixed_packages":
[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kacu-wtbz-7bf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256815?format=json","vulnerability_id":"VCID-kj1q-pzn3-qycb","summary":"A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of 
service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39942","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42529","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.426","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42629","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42567","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42619","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.4263","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42653","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42617","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42589","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42648","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42633","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42568","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42506","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42423","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42281","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39942"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.
8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39942"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kj1q-pzn3-qycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273225?format=json","vulnerability_id":"VCID-kjfx-qqpg-jbhh","summary":"A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2185","reference_id":"","reference_type":"","scores":[{"value":"0.90111","scoring_system":"epss","scoring_elements":"0.99585","published_at":"2026-04-02T12:55:00Z"},{"value":"0.90111","scoring_system":"epss","scoring_elements":"0.99586","published_at":"2026-04-04T12:55:00Z"},{"value":"0.90111","scoring_system":"epss","scoring_elements":"0.99587","published_at":"2026-04-11T12:55:00Z"},{"value":"0.90111","scoring_system":"epss","scoring_elements":"0.99588","published_at":"2026-04-13T12:55:00Z"},{"value":"0.90111","scoring_system":"epss","scoring_elements":"0.99589","published_at":"2026-04-18T12:55:00Z"},{"value":"0.90111","scoring_system":"epss","scoring_elements":"0.9959","published_at":"2026-04-24T12:55:00Z"},{"value":"0.90111","scoring_system":"epss","scoring_elements":"0.99591","published_at":"2026-04-26T12:55:00Z"},{"value":"0.90111","scoring_system":"epss","scoring_elements":"0.99592","published_at":"2026-04-29T12:55:00Z"},{"value":"0.90111","scoring_system":"epss","scoring_elements":"0.99594","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2185"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2185"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjfx-qqpg-jbhh"},{"url":
"http://public2.vulnerablecode.io/api/vulnerabilities/240495?format=json","vulnerability_id":"VCID-ktef-sqf6-ckfp","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22200","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38322","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3868","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38817","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38837","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38766","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38816","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38827","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38839","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38775","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38798","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38718","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38554","p
ublished_at":"2026-04-24T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38529","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38441","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22200"},{"reference_url":"https://security.archlinux.org/AVG-1770","reference_id":"AVG-1770","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22200"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktef-sqf6-ckfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240534?format=json","vulnerability_id":"VCID-ktjp-pvqu-5yf7","summary":"A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted 
username.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22231","reference_id":"","reference_type":"","scores":[{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.5918","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59104","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59178","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59202","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59166","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59217","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.5923","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.5925","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59232","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59214","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59255","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59237","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59218","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59223","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22231"},{"reference_url":"https://security.archlinux.org/ASA-202107-18","reference_id":"ASA-202107-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-18"},{"reference_url":"https://security.archlinux.org/AVG-2125"
,"reference_id":"AVG-2125","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22231"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktjp-pvqu-5yf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265145?format=json","vulnerability_id":"VCID-m2gu-w4p5-s3du","summary":"A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource 
consumption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1121","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39706","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39854","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39877","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39799","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39853","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39867","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39843","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39826","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39875","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39847","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39767","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39587","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39577","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39494","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39366","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1121"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@1
5.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1121"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2gu-w4p5-s3du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256800?format=json","vulnerability_id":"VCID-m6c7-dfbf-r7gr","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific conditions an unauthorised project member was allowed to delete protected branches due to a business logic 
error.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39931","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4847","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48538","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48549","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48603","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4862","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48593","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48656","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48651","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48608","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48604","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48554","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39931"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"ur
l":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39931"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6c7-dfbf-r7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273678?format=json","vulnerability_id":"VCID-m9cw-hzjf-6kfq","summary":"A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API 
endpoint","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2884","reference_id":"","reference_type":"","scores":[{"value":"0.62892","scoring_system":"epss","scoring_elements":"0.98401","published_at":"2026-05-05T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.98575","published_at":"2026-04-07T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.9858","published_at":"2026-04-12T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.98582","published_at":"2026-04-13T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.98587","published_at":"2026-04-21T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.98588","published_at":"2026-04-18T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.98591","published_at":"2026-04-24T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.98592","published_at":"2026-04-29T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.98573","published_at":"2026-04-04T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.9857","published_at":"2026-04-02T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.98577","published_at":"2026-04-08T12:55:00Z"},{"value":"0.67741","scoring_system":"epss","scoring_elements":"0.98579","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2884"},{"reference_url":"https://hackerone.com/reports/1672388","reference_id":"1672388","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/"}],"url":"https://hackerone.com/reports/1672388"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/371098",
"reference_id":"371098","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/371098"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/51181.py","reference_id":"CVE-2022-2884","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/51181.py"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json","reference_id":"CVE-2022-2884.json","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json"},{"reference_url":"http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.html","reference_id":"GitLab-15.3-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/"}],"url":"http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json"
,"purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2884"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9cw-hzjf-6kfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266410?format=json","vulnerability_id":"VCID-mbnw-5r9b-mybe","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2539","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40437","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40868","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40895","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40822","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40872","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40878","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40894","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.4086","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.4084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40884","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0019"
,"scoring_system":"epss","scoring_elements":"0.40854","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40775","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40681","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40669","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40584","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2539"},{"reference_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2539"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbnw-5r9b-mybe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264321?format=json","vulnerability_id":"VCID-mgy7-efcp-wbdv","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. 
Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0172","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2435","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24476","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2451","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24294","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24361","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24405","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24422","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2438","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2434","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2433","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24303","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24179","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24166","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24125","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00
083","scoring_system":"epss","scoring_elements":"0.2401","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0172"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0172"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgy7-efcp-wbdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279329?format=json","vulnerability_id":"VCID-mn18-gsrf-bfaf","summary":"Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that 
project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3706","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36685","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36923","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3689","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36802","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3733","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37157","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37209","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37223","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37234","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.372","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37173","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37219","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37202","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37146","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3706"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/365532","reference_id":"365532","reference_type":"","scores":[{"valu
e":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:23:44Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/365532"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3706.json","reference_id":"CVE-2022-3706.json","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:23:44Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3706.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3706"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mn18-gsrf-bfaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240464?format=json","vulnerability_id":"VCID-mnm5-sw92-cyfx","summary":"An issue has been discovered in GitLab affecting all versions starting from 13.4. 
Improper access control allows unauthorized users to access details on analytic pages.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22180","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33756","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34093","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34125","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33984","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34027","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34058","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34057","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34014","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3399","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34025","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34013","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33979","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33609","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33589","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33509","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33391","published_at":"2026-05-05T12:55:00Z"}],"
url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22180"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mnm5-sw92-cyfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266418?format=json","vulnerability_id":"VCID-mrtq-9dj4-a7bf","summary":"A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are 
limited.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2307","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24365","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24776","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24814","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24589","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24657","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24705","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24718","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24678","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24621","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24634","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24623","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24601","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24545","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24532","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24489","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2307"},{"reference_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2785","reference_type":"","scores":[{"value":"Med
ium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2307"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mrtq-9dj4-a7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240449?format=json","vulnerability_id":"VCID-mvz1-n3g4-zud8","summary":"Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted 
content","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22170","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20399","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20545","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20603","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20332","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20413","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20471","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20495","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2045","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20394","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20384","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20385","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20383","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20257","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20252","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20218","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2013","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22170"}],"fixed_packages":
[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22170"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mvz1-n3g4-zud8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240474?format=json","vulnerability_id":"VCID-my6e-5thk-hkdc","summary":"An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group 
owners","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22186","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3784","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38232","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38367","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38391","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38257","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38307","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38316","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38334","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38298","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38273","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3832","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38234","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38075","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38051","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37958","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22186"},{"reference_url":"https://security.archlinux.org/AVG-1648","reference_id":"AVG-1648","reference_type":"","scores":[{"value":"Medium","scoring_sys
tem":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1648"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22186"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-my6e-5thk-hkdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240451?format=json","vulnerability_id":"VCID-myew-c4zd-u3cw","summary":"Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted 
link","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22171","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31459","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32127","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.3199","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32041","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.3207","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32074","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32035","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32003","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32036","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32014","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31987","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31821","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31694","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31612","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22171"},{"reference_url":"https:
//security.archlinux.org/ASA-202101-10","reference_id":"ASA-202101-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-10"},{"reference_url":"https://security.archlinux.org/AVG-1416","reference_id":"AVG-1416","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1416"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22171"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myew-c4zd-u3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265174?format=json","vulnerability_id":"VCID-n13v-9faq-6fcx","summary":"A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc 
file","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1185","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58377","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58462","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58481","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58452","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58504","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.5851","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58527","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.5852","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58525","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.5847","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58482","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58469","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58434","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1185"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds
1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1185"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n13v-9faq-6fcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279261?format=json","vulnerability_id":"VCID-n1gx-qsm8-bqgy","summary":"A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of 
victims.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3572","reference_id":"","reference_type":"","scores":[{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93174","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93158","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93165","published_at":"2026-04-21T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93171","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.9317","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93167","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93117","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.9312","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93119","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93128","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93133","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93138","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93135","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93137","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10212","scoring_system":"epss","scoring_elements":"0.93153","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3572"},{"reference_url":"https://hackerone.com/reports/1727985","reference_id":"1727985","reference_type":"","scores":[{"value":"9.3","sc
oring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T15:03:41Z/"}],"url":"https://hackerone.com/reports/1727985"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/378214","reference_id":"378214","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T15:03:41Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/378214"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json","reference_id":"CVE-2022-3572.json","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T15:03:41Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3572"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n1gx-qsm8-bqgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/
256784?format=json","vulnerability_id":"VCID-n2jn-c1k6-67b9","summary":"Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39916","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51413","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51418","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51469","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51497","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51456","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5151","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51508","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51518","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51561","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5157","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51549","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_
elements":"0.51502","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39916"},{"reference_url":"https://security.archlinux.org/AVG-2604","reference_id":"AVG-2604","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2604"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39916"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2jn-c1k6-67b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256732?format=json","vulnerability_id":"VCID-n5mw-p57c-2ba3","summary":"In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab 
user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39882","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27481","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28052","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28124","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27963","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28031","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28073","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28037","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2798","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27988","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27971","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27922","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27838","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27726","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27652","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39882"},{"reference_url":"ht
tps://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39882"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5mw-p57c-2ba3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240518?format=json","vulnerability_id":"VCID-n7d2-p93t-73fg","summary":"All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log 
masking.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22219","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4282","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43055","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43141","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4308","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43133","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43166","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43118","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43179","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43168","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43102","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43036","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43038","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42956","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22219"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"
url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22219"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7d2-p93t-73fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240508?format=json","vulnerability_id":"VCID-n7n7-hk7v-rqa4","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. 
When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22210","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34149","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34504","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34722","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34748","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34626","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34669","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34697","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.347","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34662","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34637","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34676","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34661","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34621","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34384","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34366","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0
.34282","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22210"},{"reference_url":"https://security.archlinux.org/ASA-202105-4","reference_id":"ASA-202105-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-4"},{"reference_url":"https://security.archlinux.org/AVG-1888","reference_id":"AVG-1888","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1888"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22210"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7n7-hk7v-rqa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240512?format=json","vulnerability_id":"VCID-n83t-8xmt-q7cs","summary":"When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is 
limited","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22214","reference_id":"","reference_type":"","scores":[{"value":"0.92676","scoring_system":"epss","scoring_elements":"0.99755","published_at":"2026-05-05T12:55:00Z"},{"value":"0.92676","scoring_system":"epss","scoring_elements":"0.9975","published_at":"2026-04-21T12:55:00Z"},{"value":"0.92676","scoring_system":"epss","scoring_elements":"0.99752","published_at":"2026-04-24T12:55:00Z"},{"value":"0.92676","scoring_system":"epss","scoring_elements":"0.99753","published_at":"2026-04-26T12:55:00Z"},{"value":"0.92676","scoring_system":"epss","scoring_elements":"0.99754","published_at":"2026-04-29T12:55:00Z"},{"value":"0.93431","scoring_system":"epss","scoring_elements":"0.99815","published_at":"2026-04-04T12:55:00Z"},{"value":"0.93431","scoring_system":"epss","scoring_elements":"0.99816","published_at":"2026-04-09T12:55:00Z"},{"value":"0.93431","scoring_system":"epss","scoring_elements":"0.99817","published_at":"2026-04-13T12:55:00Z"},{"value":"0.9357","scoring_system":"epss","scoring_elements":"0.99833","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22214"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?f
ormat=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22214"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n83t-8xmt-q7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284618?format=json","vulnerability_id":"VCID-ncby-z5xr-27by","summary":"A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0121","reference_id":"","reference_type":"","scores":[{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.8002","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.79933","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.79926","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.79954","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.79958","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.79986","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.79992","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.80008","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.79904","published_at":"2026-04-04T12:55:00Z"},{"value":"0.013
27","scoring_system":"epss","scoring_elements":"0.79892","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.79921","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.79929","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01327","scoring_system":"epss","scoring_elements":"0.7995","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01559","scoring_system":"epss","scoring_elements":"0.81415","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0121"},{"reference_url":"https://hackerone.com/reports/1774688","reference_id":"1774688","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T17:00:02Z/"}],"url":"https://hackerone.com/reports/1774688"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387549","reference_id":"387549","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T17:00:02Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387549"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0121.json","reference_id":"CVE-2023-0121.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T17:00:02Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0121.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gi
tlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0121"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncby-z5xr-27by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256719?format=json","vulnerability_id":"VCID-ncrc-1zac-tucd","summary":"In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password 
expiration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39872","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43758","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44048","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44072","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44003","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44054","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44056","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44071","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44038","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44022","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44084","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44075","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44009","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43961","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43964","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43879","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39872"},{"reference_url
":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39872"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncrc-1zac-tucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279362?format=json","vulnerability_id":"VCID-nf4u-tmjr-ykge","summary":"An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. 
Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3758","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62445","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62485","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62492","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62475","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62501","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62498","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62393","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62424","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.6239","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62438","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62474","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62464","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62441","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3758"},{"reference_url":"https://hackerone.com/reports/1751258","reference_id":"1751258","reference_type":"","scores":[{"value":"5.4","scoring_sy
stem":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:30:33Z/"}],"url":"https://hackerone.com/reports/1751258"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/379598","reference_id":"379598","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:30:33Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/379598"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3758.json","reference_id":"CVE-2022-3758.json","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:30:33Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3758.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3758"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nf4u-tmjr-ykge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265149?form
at=json","vulnerability_id":"VCID-nppq-4ze2-p7bk","summary":"Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1148","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42262","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42366","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42308","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42356","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42363","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42351","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42322","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.4237","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42346","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42273","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42205","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00202","scoring_syste
m":"epss","scoring_elements":"0.42201","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.41975","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1148"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nppq-4ze2-p7bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265685?format=json","vulnerability_id":"VCID-nr16-z21q-aygq","summary":"An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. 
Under certain conditions, using the REST API an unprivileged user was able to change labels description.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1999","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35571","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35767","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35793","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35673","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35719","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35742","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35751","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35706","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35683","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35723","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35711","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35662","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35428","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35407","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35327","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35209","published_at":"2026-05
-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1999"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1999"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nr16-z21q-aygq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273693?format=json","vulnerability_id":"VCID-nskz-aqm2-c3eb","summary":"A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message 
field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2908","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41619","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48824","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48818","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48772","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48827","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48792","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48841","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50387","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50333","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50343","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50295","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50376","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50362","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50406","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5041","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2908"},{"reference_url":"https://hackerone.com/reports/1584156","reference_id":"1584156","reference_type":"","scores":[{"value":"4.3","sco
ring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:10:50Z/"}],"url":"https://hackerone.com/reports/1584156"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/363734","reference_id":"363734","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:10:50Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/363734"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2908.json","reference_id":"CVE-2022-2908.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:10:50Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2908.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2908"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nskz-aqm2-c3eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5539
0?format=json","vulnerability_id":"VCID-nt6t-mfd5-k3fn","summary":"apollo_upload_server has Denial of Service vulnerability\nA Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39880","reference_id":"","reference_type":"","scores":[{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59794","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.5976","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59797","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59812","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59679","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59752","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59776","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59746","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59811","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.5983","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59814","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59796","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.5983
3","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.5984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59824","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39880"},{"reference_url":"https://github.com/jetruby/apollo_upload_server-ruby","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetruby/apollo_upload_server-ruby"},{"reference_url":"https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486"},{"reference_url":"https://github.com/jetruby/apollo_upload_server-ruby/pull/44","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetruby/apollo_upload_server-ruby/pull/44"},{"reference_url":"https://github.com/jetruby/apollo_upload_server-ruby/releases/tag/2.1.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetruby/apollo_upload_server-ruby/releases/tag/2.1.0"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/apollo_upload_server/CVE-2021-39880.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/apollo_upload_server/CVE-2021-39880.yml"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39880.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39880.json"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/330561","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/330561"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/330561#note_642879964","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/330561#note_642879964"},{"reference_url":"https://hackerone.com/reports/1181284","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","
scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1181284"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39880","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39880"},{"reference_url":"https://vuldb.com/?id.183842","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?id.183842"},{"reference_url":"https://github.com/advisories/GHSA-w6pv-c757-6rgr","reference_id":"GHSA-w6pv-c757-6rgr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6pv-c757-6rgr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39880","GHSA-w6pv-c757-6rgr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nt6t-mfd5-k3fn"},{"url":"http://p
ublic2.vulnerablecode.io/api/vulnerabilities/279222?format=json","vulnerability_id":"VCID-nwmu-uakv-eqfa","summary":"An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3482","reference_id":"","reference_type":"","scores":[{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.5901","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59082","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59086","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59046","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59063","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.5905","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.5902","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59042","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59008","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59059","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59065","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59084","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59066","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","s
coring_elements":"0.59047","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3482"},{"reference_url":"https://hackerone.com/reports/1725841","reference_id":"1725841","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:13Z/"}],"url":"https://hackerone.com/reports/1725841"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377802","reference_id":"377802","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:13Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377802"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json","reference_id":"CVE-2022-3482.json","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:04:13Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3
Fdistro=sid"}],"aliases":["CVE-2022-3482"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nwmu-uakv-eqfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265477?format=json","vulnerability_id":"VCID-p2cr-m73e-tkcj","summary":"An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1680","reference_id":"","reference_type":"","scores":[{"value":"0.05192","scoring_system":"epss","scoring_elements":"0.89959","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93192","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93194","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93203","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93207","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93211","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93209","published_at":"2026-04-12T1
2:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93183","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93226","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93231","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93238","published_at":"2026-04-21T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93244","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93242","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.93237","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10386","scoring_system":"epss","scoring_elements":"0.9321","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1680"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1680"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2cr-m73e-tkcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240528?format=json","vulnerability_id":"VCID-p3g7-kade-fqfq","summary":"A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker 
to send a malicious link to a victim and trigger actions on their behalf if they clicked it","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22227","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28128","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28691","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28773","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28821","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28693","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28732","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28737","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28645","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28664","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28639","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28591","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28364","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28289","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22227"},{"reference_url":"https://security.archlinu
x.org/ASA-202107-18","reference_id":"ASA-202107-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-18"},{"reference_url":"https://security.archlinux.org/AVG-2125","reference_id":"AVG-2125","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22227"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3g7-kade-fqfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265144?format=json","vulnerability_id":"VCID-p3rb-k9b7-nubz","summary":"Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD 
configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1120","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47302","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47338","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47359","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47307","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47362","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.4736","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47365","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47424","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.4737","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47357","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47366","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47313","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47231","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1120"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@1
5.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1120"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3rb-k9b7-nubz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285386?format=json","vulnerability_id":"VCID-pbx3-txrf-7khk","summary":"An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab 
instance.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1265","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10193","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10261","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10134","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10107","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10241","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1022","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10208","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10155","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10257","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10227","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1029","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10321","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1028","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15643","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1265"},{"reference_url":"https://hackerone.com/reports/1888690","reference_id":"1888690","reference_type":"","scores":[{"value":"5.4","sc
oring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:48:32Z/"}],"url":"https://hackerone.com/reports/1888690"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/394960","reference_id":"394960","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:48:32Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/394960"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json","reference_id":"CVE-2023-1265.json","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T21:48:32Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1265"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbx3-txrf-7khk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292
375?format=json","vulnerability_id":"VCID-pk3s-fw2e-wfe3","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2478","reference_id":"","reference_type":"","scores":[{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.56997","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57143","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57139","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57117","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57048","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57067","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57092","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57115","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57142","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57144","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57157","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57116","published_at":"2026-04-13T12:55:00Z"}],"url":"https://ap
i.first.org/data/v1/epss?cve=CVE-2023-2478"},{"reference_url":"https://hackerone.com/reports/1969599","reference_id":"1969599","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T17:16:17Z/"}],"url":"https://hackerone.com/reports/1969599"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/409470","reference_id":"409470","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T17:16:17Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/409470"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2478.json","reference_id":"CVE-2023-2478.json","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-29T17:16:17Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2478.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2478"],"risk_score":null,"exploitability":nul
l,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pk3s-fw2e-wfe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279399?format=json","vulnerability_id":"VCID-pvbz-xug9-tbem","summary":"An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious user to set emojis on internal notes they don't have access to.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3819","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28137","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28484","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28372","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28297","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28781","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28829","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28635","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28701","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28739","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28743","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28699","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28651","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_eleme
nts":"0.2867","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28646","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28598","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3819"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/365847","reference_id":"365847","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:20:26Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/365847"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3819.json","reference_id":"CVE-2022-3819.json","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:20:26Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3819.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3819"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvb
z-xug9-tbem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264605?format=json","vulnerability_id":"VCID-pvu9-jhxn-7qfa","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0488","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34674","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34889","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34794","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34867","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34872","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34834","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3481","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34848","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34831","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34787","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3455","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34529","pub
lished_at":"2026-04-26T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34443","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34318","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0488"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0488"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvu9-jhxn-7qfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285274?format=json","vulnerability_id":"VCID-pyhd-r9cj-bqd9","summary":"An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. 
A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1084","reference_id":"","reference_type":"","scores":[{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88375","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88346","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88342","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88358","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88363","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88365","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88286","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88301","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88305","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88325","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88341","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03934","scoring_system":"epss","scoring_elements":"0.88333","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1084"},{"reference_url":"https://hackerone.com/reports/1805549","reference_id":"1805549","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","s
coring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:34:04Z/"}],"url":"https://hackerone.com/reports/1805549"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/390696","reference_id":"390696","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:34:04Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/390696"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1084.json","reference_id":"CVE-2023-1084.json","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:34:04Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1084.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1084"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pyhd-r9cj-bqd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240484?format=json","vulnerability_id":"VCID-q8mh-pz3u-cufu","summary":"An issue has been discovered in GitLab 
affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for a private project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22193","reference_id":"","reference_type":"","scores":[{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51204","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51257","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51282","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51242","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51297","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51293","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51337","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51317","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51303","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51343","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51352","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51331","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51278","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51285","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51249","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements
":"0.51192","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22193"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22193"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8mh-pz3u-cufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264271?format=json","vulnerability_id":"VCID-q9ks-5exh-c7at","summary":"An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. 
GitLab allows a user with an expired password to access sensitive information through RSS feeds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0093","reference_id":"","reference_type":"","scores":[{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.5262","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52663","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.5269","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52655","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52705","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52699","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.5275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52733","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52718","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52756","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52764","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52748","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52709","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.5267","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52614","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0093"}],"fixed_packages":[{"url":"http://public2.vu
lnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0093"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9ks-5exh-c7at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283833?format=json","vulnerability_id":"VCID-qbba-6zcj-zyht","summary":"A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. 
An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4138","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47351","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.4754","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47492","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.4748","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47487","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47435","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47461","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47482","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47431","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47486","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47483","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47505","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47548","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4138"},{"reference_url":"https://hackerone.
com/reports/1778009","reference_id":"1778009","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T19:13:06Z/"}],"url":"https://hackerone.com/reports/1778009"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383709","reference_id":"383709","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T19:13:06Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383709"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4138.json","reference_id":"CVE-2022-4138.json","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T19:13:06Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4138.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4138"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulne
rabilities/VCID-qbba-6zcj-zyht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279381?format=json","vulnerability_id":"VCID-qnnn-gkya-57gx","summary":"An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3793","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38888","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39113","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39095","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39014","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39409","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39433","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39347","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39402","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39419","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3943","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39373","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39425","published_at":"2026-04-16T12:55:00Z"
},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39396","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39309","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3793"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/372120","reference_id":"372120","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:21:55Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/372120"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3793.json","reference_id":"CVE-2022-3793.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:21:55Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3793.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3793"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnnn-gkya-57gx"},{"url":"http://public2.vulnerablecode
.io/api/vulnerabilities/264606?format=json","vulnerability_id":"VCID-qp9w-2nrf-37g8","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0489","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41949","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.4201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42038","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41965","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42015","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42026","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42049","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41997","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42047","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.4202","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.4195","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41889","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41883","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00199","scoring
_system":"epss","scoring_elements":"0.41799","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41659","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0489"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0489"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qp9w-2nrf-37g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240548?format=json","vulnerability_id":"VCID-qs8s-5gm5-m3hy","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. 
It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22241","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40598","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40933","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41015","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41046","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40972","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41021","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41029","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41012","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41038","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41008","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40931","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40837","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40824","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40741","published_at":"2026-0
4-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22241"},{"reference_url":"https://security.archlinux.org/ASA-202108-7","reference_id":"ASA-202108-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-7"},{"reference_url":"https://security.archlinux.org/AVG-2251","reference_id":"AVG-2251","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22241"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qs8s-5gm5-m3hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292033?format=json","vulnerability_id":"VCID-qu4k-ch4z-quck","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. 
An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2013","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44431","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44727","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44782","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44774","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44704","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44631","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44552","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44747","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44686","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44739","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44741","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44757","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44726","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49371","published_at":"2026-04-02T12:55:00Z"}],"url":"ht
tps://api.first.org/data/v1/epss?cve=CVE-2023-2013"},{"reference_url":"https://hackerone.com/reports/1940441","reference_id":"1940441","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:50:51Z/"}],"url":"https://hackerone.com/reports/1940441"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/406844","reference_id":"406844","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:50:51Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/406844"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json","reference_id":"CVE-2023-2013.json","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:50:51Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2013"],"risk_score":null,"exploitability
":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qu4k-ch4z-quck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279350?format=json","vulnerability_id":"VCID-qvb2-7kb6-9bfn","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys .","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3740","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39898","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40285","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40209","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.4013","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40116","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40035","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40302","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40327","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40252","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40303","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40315","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40
326","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40269","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40316","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3740"},{"reference_url":"https://hackerone.com/reports/1602904","reference_id":"1602904","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T15:03:08Z/"}],"url":"https://hackerone.com/reports/1602904"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/368416","reference_id":"368416","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T15:03:08Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/368416"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3740.json","reference_id":"CVE-2022-3740.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T15:03:08Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3740.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/g
itlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3740"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvb2-7kb6-9bfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273699?format=json","vulnerability_id":"VCID-qx9h-4txw-fkeg","summary":"A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2931","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45512","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52708","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52699","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52664","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52714","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52673","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52758","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54199","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scorin
g_elements":"0.54166","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5418","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54156","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54197","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54214","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54218","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2931"},{"reference_url":"https://hackerone.com/reports/1543718","reference_id":"1543718","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:25:23Z/"}],"url":"https://hackerone.com/reports/1543718"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/361982","reference_id":"361982","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:25:23Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/361982"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json","reference_id":"CVE-2022-2931.json","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:25:23Z/"}],"url":"https://gitl
ab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2931"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qx9h-4txw-fkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279118?format=json","vulnerability_id":"VCID-qxbn-nsyj-p3d4","summary":"Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. 
Allowed for editing the approval rules via the API by an unauthorised user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3325","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30738","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31094","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30972","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30889","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31413","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31274","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31327","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31357","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31361","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31318","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31279","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31314","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31293","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31267","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3325"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issu
es/360819","reference_id":"360819","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:36:08Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/360819"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3325.json","reference_id":"CVE-2022-3325.json","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:36:08Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3325.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3325"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxbn-nsyj-p3d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240550?format=json","vulnerability_id":"VCID-r1nb-5dxj-uker","summary":"Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted 
markdown","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22242","reference_id":"","reference_type":"","scores":[{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84607","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84621","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84641","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84643","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84664","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84671","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84688","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84684","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84678","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.847","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84701","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84702","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84729","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84738","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84739","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.84754","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22242"}],"fixed_packages"
:[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22242"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1nb-5dxj-uker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256777?format=json","vulnerability_id":"VCID-r36y-zth9-2bbv","summary":"An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data 
consumers","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39911","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44226","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44459","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44528","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44488","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44539","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44544","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4456","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4453","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44532","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44587","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44509","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44427","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44431","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4435","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39911"},{"reference_url":"
https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39911"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r36y-zth9-2bbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264464?format=json","vulnerability_id":"VCID-r471-k1sd-r3gw","summary":"An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. 
Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0344","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53577","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.536","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53628","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53597","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53649","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53647","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53679","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53662","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53699","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53704","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53687","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53626","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53579","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0344"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json"
,"purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0344"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r471-k1sd-r3gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265589?format=json","vulnerability_id":"VCID-r985-r2et-jyha","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. 
It may be possible for a subgroup member to access the members list of their parent group.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1821","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41501","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41591","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41619","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41546","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41596","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41606","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41627","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41595","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41581","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41628","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41602","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41526","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41419","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41415","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41336","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41203","published_at":"2026-05-05T12:55:00Z"
}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1821"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1821"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r985-r2et-jyha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265147?format=json","vulnerability_id":"VCID-rc6v-b3x8-87bu","summary":"An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is 
enabled","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1124","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47643","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47719","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47757","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47777","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47776","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47801","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47787","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47842","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47834","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47727","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1124"},{"reference_url":"https://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitl
ab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1124"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rc6v-b3x8-87bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273493?format=json","vulnerability_id":"VCID-rs3w-urcr-5ug6","summary":"An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline 
events.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2630","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48713","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48739","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48693","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48748","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48744","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48762","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50332","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50306","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50281","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50287","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.5024","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.5016","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50297","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50286","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50331","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2630"},{"reference_url":"https://hackerone.com/reports/1652853","reference_id":"1652853","reference_type":"","scores":[{"value":"4.3","sco
ring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:12:41Z/"}],"url":"https://hackerone.com/reports/1652853"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/369429","reference_id":"369429","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:12:41Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/369429"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2630.json","reference_id":"CVE-2022-2630.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:12:41Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2630.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2630"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rs3w-urcr-5ug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2646
56?format=json","vulnerability_id":"VCID-s1wb-a1dn-z7b2","summary":"An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0549","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3192","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32088","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31963","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31991","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31995","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31955","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31921","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31934","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31906","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31737","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31611","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00126","scor
ing_system":"epss","scoring_elements":"0.31527","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31377","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0549"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0549"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1wb-a1dn-z7b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240535?format=json","vulnerability_id":"VCID-s41d-jhp9-ckae","summary":"HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab 
CE","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22232","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31647","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32175","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32308","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32347","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32171","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3222","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32247","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32248","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3221","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3218","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32213","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32193","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32164","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32002","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31875","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31793","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22232"},{"reference_url":"https:
//security.archlinux.org/ASA-202107-18","reference_id":"ASA-202107-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-18"},{"reference_url":"https://security.archlinux.org/AVG-2125","reference_id":"AVG-2125","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22232"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s41d-jhp9-ckae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292081?format=json","vulnerability_id":"VCID-s4s1-xd1y-7khg","summary":"An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. 
A user with the role of developer could use the import project feature to leak CI/CD variables.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2069","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50602","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50638","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50685","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50665","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50614","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50622","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50578","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50629","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50583","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50637","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50633","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50676","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50653","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65811","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2069"},{"reference_url":"https://hackerone.com/r
eports/1939987","reference_id":"1939987","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:29:57Z/"}],"url":"https://hackerone.com/reports/1939987"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/407374","reference_id":"407374","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:29:57Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/407374"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json","reference_id":"CVE-2023-2069.json","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:29:57Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2069"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabiliti
es/VCID-s4s1-xd1y-7khg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240511?format=json","vulnerability_id":"VCID-s8ds-5b7r-gfed","summary":"A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22213","reference_id":"","reference_type":"","scores":[{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76541","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76409","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76412","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.7644","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76422","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76454","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76468","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76494","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76472","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76512","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.765","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76534","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.7654","publi
shed_at":"2026-04-26T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76553","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22213"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22213"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8ds-5b7r-gfed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/263915?format=json","vulnerability_id":"VCID-s8jp-pr6y-8qcz","summary":"An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. 
Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4191","reference_id":"","reference_type":"","scores":[{"value":"0.92054","scoring_system":"epss","scoring_elements":"0.9971","published_at":"2026-04-29T12:55:00Z"},{"value":"0.92054","scoring_system":"epss","scoring_elements":"0.99712","published_at":"2026-05-05T12:55:00Z"},{"value":"0.9226","scoring_system":"epss","scoring_elements":"0.99722","published_at":"2026-04-21T12:55:00Z"},{"value":"0.9226","scoring_system":"epss","scoring_elements":"0.99723","published_at":"2026-04-24T12:55:00Z"},{"value":"0.9236","scoring_system":"epss","scoring_elements":"0.99723","published_at":"2026-04-01T12:55:00Z"},{"value":"0.9236","scoring_system":"epss","scoring_elements":"0.99727","published_at":"2026-04-18T12:55:00Z"},{"value":"0.9236","scoring_system":"epss","scoring_elements":"0.99724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.9236","scoring_system":"epss","scoring_elements":"0.99725","published_at":"2026-04-04T12:55:00Z"},{"value":"0.9236","scoring_system":"epss","scoring_elements":"0.99726","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4191"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-4191"],"risk_score":null,"exploitability":null
,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8jp-pr6y-8qcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279338?format=json","vulnerability_id":"VCID-sak7-sp6s-7ydh","summary":"Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3726","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56084","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56241","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56209","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56134","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56156","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56131","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56181","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56201","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56232","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56238","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56248","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56224","published_at":"2026-04-12T12:55:00Z"},{
"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56207","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56239","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3726"},{"reference_url":"https://hackerone.com/reports/1563383","reference_id":"1563383","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:22:45Z/"}],"url":"https://hackerone.com/reports/1563383"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/362509","reference_id":"362509","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:22:45Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/362509"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3726.json","reference_id":"CVE-2022-3726.json","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:22:45Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3726.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?dis
tro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3726"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sak7-sp6s-7ydh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284056?format=json","vulnerability_id":"VCID-sam2-zgur-43be","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4462","reference_id":"","reference_type":"","scores":[{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60211","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60286","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60293","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.6025","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60266","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60254","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.602","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60226","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60194","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60244","published_at"
:"2026-04-08T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60258","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60279","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60265","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60246","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4462"},{"reference_url":"https://hackerone.com/reports/1796210","reference_id":"1796210","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:27:03Z/"}],"url":"https://hackerone.com/reports/1796210"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385669","reference_id":"385669","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:27:03Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385669"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4462.json","reference_id":"CVE-2022-4462.json","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:27:03Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4462.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerab
ilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4462"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sam2-zgur-43be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284678?format=json","vulnerability_id":"VCID-spnw-xhvg-8khn","summary":"An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project 
settings.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0223","reference_id":"","reference_type":"","scores":[{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85933","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85891","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85883","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85905","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85913","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85915","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.8581","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85828","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85832","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.8585","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85861","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85875","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85872","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85868","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02694","scoring_system":"epss","scoring_elements":"0.85887","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0223"},{"reference_url":"https://hackerone.com/reports/1824226","reference_id":"1824226","reference_type":"","scores":[{"value":"5.3","s
coring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:29:30Z/"}],"url":"https://hackerone.com/reports/1824226"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387870","reference_id":"387870","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:29:30Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387870"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0223.json","reference_id":"CVE-2023-0223.json","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:29:30Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0223.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0223"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-spnw-xhvg-8khn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27
8988?format=json","vulnerability_id":"VCID-squm-zf6h-1udv","summary":"An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3031","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40214","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40161","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40225","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40237","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41232","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41226","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41146","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41414","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41399","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41442","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41341","published_at":"2026-04-21T
12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3031"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/340395","reference_id":"340395","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:20:40Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/340395"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3031.json","reference_id":"CVE-2022-3031.json","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:20:40Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3031.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3031"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-squm-zf6h-1udv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283976?format=json","vulnerability_id":"VCID-sr1f-3k9z-qfae","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions 
starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4342","reference_id":"","reference_type":"","scores":[{"value":"0.01599","scoring_system":"epss","scoring_elements":"0.81659","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01599","scoring_system":"epss","scoring_elements":"0.81637","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02323","scoring_system":"epss","scoring_elements":"0.84879","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02323","scoring_system":"epss","scoring_elements":"0.84862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.84905","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.8487","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.84871","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.84868","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.84895","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.8481","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.84833","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.84839","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.84858","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.84854","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.84849","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.o
rg/data/v1/epss?cve=CVE-2022-4342"},{"reference_url":"https://hackerone.com/reports/1791331","reference_id":"1791331","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:41:54Z/"}],"url":"https://hackerone.com/reports/1791331"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385118","reference_id":"385118","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:41:54Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385118"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4342.json","reference_id":"CVE-2022-4342.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:41:54Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4342.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4342"],"risk_score":null,"exploitability":null,"weighted_
severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sr1f-3k9z-qfae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240575?format=json","vulnerability_id":"VCID-ss7h-4jqj-rycp","summary":"The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22258","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50744","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50782","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50838","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50864","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50878","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50918","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50896","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50924","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50904","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50853","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5086
1","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5082","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22258"},{"reference_url":"https://security.archlinux.org/AVG-2335","reference_id":"AVG-2335","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22258"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ss7h-4jqj-rycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273605?format=json","vulnerability_id":"VCID-su7x-v5ud-bffh","summary":"An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access 
to.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2761","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51308","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51466","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51446","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51398","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51403","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51364","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.5137","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51397","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51356","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.5141","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51408","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51451","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51429","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51416","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51458","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2761"},{"reference_url":"https://hackerone.com/reports/1653149","reference_id":"1653149","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv
3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:35:28Z/"}],"url":"https://hackerone.com/reports/1653149"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/370458","reference_id":"370458","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:35:28Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/370458"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2761.json","reference_id":"CVE-2022-2761.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:35:28Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2761.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2761"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-su7x-v5ud-bffh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256738?format=json","vu
lnerability_id":"VCID-su9x-jz8t-h7bt","summary":"Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39886","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3282","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3318","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33308","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3334","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33173","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33216","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3325","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33254","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33213","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33189","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3323","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33207","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33171","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33024","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0
.33007","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32932","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39886"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39886"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-su9x-jz8t-h7bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256779?format=json","vulnerability_id":"VCID-sxfm-yjar-r3gy","summary":"A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. 
Using a malformed TIFF image, it was possible to trigger memory exhaustion.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39912","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4797","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48044","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48082","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48103","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48053","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48106","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48101","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48124","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48099","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48163","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48158","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48113","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48094","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48105","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4805","published_at":"2026-04-29T12:55:00Z"}],"url":"https://a
pi.first.org/data/v1/epss?cve=CVE-2021-39912"},{"reference_url":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39912"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxfm-yjar-r3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273671?format=json","vulnerability_id":"VCID-sy1x-7vmv-ykh7","summary":"A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. 
It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2865","reference_id":"","reference_type":"","scores":[{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.56955","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63278","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63243","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63209","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.6326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63214","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63295","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64412","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64433","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64445","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64402","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64373","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64409","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64421","published_at":"2026-04-18T12:55:00Z"}
],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2865"},{"reference_url":"https://hackerone.com/reports/1665658","reference_id":"1665658","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:56:48Z/"}],"url":"https://hackerone.com/reports/1665658"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/370873","reference_id":"370873","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:56:48Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/370873"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json","reference_id":"CVE-2022-2865.json","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:56:48Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2865"],"risk_score":null,"exp
loitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sy1x-7vmv-ykh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292028?format=json","vulnerability_id":"VCID-t1kx-cv1c-9ycs","summary":"An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2001","reference_id":"","reference_type":"","scores":[{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63454","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63464","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63462","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63469","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63455","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63473","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63486","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63394","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63445","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63463","published_at":"2
026-04-09T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.6348","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66913","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2001"},{"reference_url":"https://hackerone.com/reports/1908423","reference_id":"1908423","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:54:01Z/"}],"url":"https://hackerone.com/reports/1908423"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/406764","reference_id":"406764","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:54:01Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/406764"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json","reference_id":"CVE-2023-2001.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:54:01Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debia
n/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2001"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1kx-cv1c-9ycs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240521?format=json","vulnerability_id":"VCID-t5qj-bzm5-5qhe","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allows a user to maintain limited access after their password expired","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22221","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40338","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40679","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40763","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4079","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40714","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40764","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40756","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40737","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00189","scoring_sy
stem":"epss","scoring_elements":"0.40781","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40752","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40674","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40578","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40566","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40483","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22221"},{"reference_url":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22221"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5qj-bzm5-5qhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264398?format=json","vulnerability_id
":"VCID-t7k8-c1ft-83ea","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0244","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.51946","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.51993","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.5202","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.51986","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.5204","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52038","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.5209","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52073","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52095","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52101","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52083","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.5203","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52037","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52001","published_at":"2026-04-29T
12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.51949","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0244"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0244"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t7k8-c1ft-83ea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256806?format=json","vulnerability_id":"VCID-t8nq-hx26-kfc7","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. 
Unauthorized external users could perform Server Side Requests via the CI Lint API","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39935","reference_id":"","reference_type":"","scores":[{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.97378","published_at":"2026-04-01T12:55:00Z"},{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.97384","published_at":"2026-04-02T12:55:00Z"},{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.97389","published_at":"2026-04-04T12:55:00Z"},{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.97391","published_at":"2026-04-07T12:55:00Z"},{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.97397","published_at":"2026-04-08T12:55:00Z"},{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.97398","published_at":"2026-04-09T12:55:00Z"},{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.974","published_at":"2026-04-11T12:55:00Z"},{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.97401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.97402","published_at":"2026-04-13T12:55:00Z"},{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.9741","published_at":"2026-04-16T12:55:00Z"},{"value":"0.41434","scoring_system":"epss","scoring_elements":"0.97413","published_at":"2026-04-18T12:55:00Z"},{"value":"0.54604","scoring_system":"epss","scoring_elements":"0.98041","published_at":"2026-04-29T12:55:00Z"},{"value":"0.54604","scoring_system":"epss","scoring_elements":"0.98049","published_at":"2026-05-05T12:55:00Z"},{"value":"0.58412","scoring_system":"epss","scoring_elements":"0.98209","published_at":"2026-04-26T12:55:00Z"},{"value":"0.58412","scoring_system":"epss","scoring_elements":"0.98206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.58412","scoring_system":"epss","scoring_elements":"0.98208","published_at":"2026-04-24T12:55:00Z"}],"url":"
https://api.first.org/data/v1/epss?cve=CVE-2021-39935"},{"reference_url":"https://hackerone.com/reports/1236965","reference_id":"1236965","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:23:46Z/"}],"url":"https://hackerone.com/reports/1236965"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/346187","reference_id":"346187","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:23:46Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/346187"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json","reference_id":"CVE-2021-39935.json","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:23:46Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerable
code.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39935"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8nq-hx26-kfc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240463?format=json","vulnerability_id":"VCID-tb8y-54tw-nkb2","summary":"A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22179","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54046","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54063","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54092","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54117","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54115","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54165","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54147","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54126","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_element
s":"0.54169","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5415","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.541","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54047","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22179"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22179"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tb8y-54tw-nkb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240543?format=json","vulnerability_id":"VCID-tfat-25ty-rfgj","summary":"An issue has been discovered in GitLab affecting all versions starting with 13.3. 
GitLab was vulnerable to a stored XSS by using the design feature in issues.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22238","reference_id":"","reference_type":"","scores":[{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78976","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78838","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78844","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78873","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78855","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.7888","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78887","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.7891","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78894","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78885","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78913","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78911","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78908","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78937","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78944","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.78961","published_at":"2026-04-29T12:55:00Z"}],"url":"https
://api.first.org/data/v1/epss?cve=CVE-2021-22238"},{"reference_url":"https://security.archlinux.org/AVG-2335","reference_id":"AVG-2335","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22238"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfat-25ty-rfgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285348?format=json","vulnerability_id":"VCID-tgce-yndb-zqa8","summary":"An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. 
File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1178","reference_id":"","reference_type":"","scores":[{"value":"0.02453","scoring_system":"epss","scoring_elements":"0.85278","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87694","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87696","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87711","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87725","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87731","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.8773","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87665","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87666","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87687","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87653","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87705","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03553","scoring_system":"epss","scoring_elements":"0.87698","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1178"},{"reference_url":"https://hackerone.com/reports/1778009","reference_id":"1778009","reference_type
":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:32:24Z/"}],"url":"https://hackerone.com/reports/1778009"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/381815","reference_id":"381815","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:32:24Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/381815"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json","reference_id":"CVE-2023-1178.json","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:32:24Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1178"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgce-yndb-zqa8"},{"url":"http://public2.vulnerab
lecode.io/api/vulnerabilities/240545?format=json","vulnerability_id":"VCID-tk7s-v2w6-ukhr","summary":"An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22239","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37007","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37411","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37577","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37601","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37529","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37542","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37556","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37521","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37523","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37218","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37126","published_at":"2026-04-29T12:5
5:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22239"},{"reference_url":"https://security.archlinux.org/ASA-202108-7","reference_id":"ASA-202108-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-7"},{"reference_url":"https://security.archlinux.org/AVG-2251","reference_id":"AVG-2251","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22239"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tk7s-v2w6-ukhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264280?format=json","vulnerability_id":"VCID-tktz-65eb-aqh1","summary":"An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. 
GitLab's Slack integration incorrectly validates user input, allowing crafted malicious URLs to be sent to Slack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0124","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5029","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50346","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50375","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50325","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50378","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50371","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5039","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5042","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50424","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50401","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50347","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50357","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50308","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5023","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0124"}],"fixed_packages":
[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0124"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tktz-65eb-aqh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240581?format=json","vulnerability_id":"VCID-tuxq-42yv-2qd2","summary":"An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. 
A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22263","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42613","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42711","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42652","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42703","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42715","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42738","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42702","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42685","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42746","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42735","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42671","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42595","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42512","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42372","published_at":"2026-0
5-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22263"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22263"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuxq-42yv-2qd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266419?format=json","vulnerability_id":"VCID-tv9d-9wvu-rfdg","summary":"An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. 
It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2303","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3766","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38229","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38252","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38122","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38172","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3818","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38163","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38139","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38184","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38166","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38101","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37885","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37862","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37767","published_at":"2026-04-29T12:55:00Z"}],"url":"https://
api.first.org/data/v1/epss?cve=CVE-2022-2303"},{"reference_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2303"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tv9d-9wvu-rfdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240477?format=json","vulnerability_id":"VCID-twzs-xkgr-sqea","summary":"An issue has been discovered in GitLab affecting all versions starting with 13.0. 
Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22188","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55598","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55622","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.556","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55651","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55655","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55664","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55644","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55627","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55666","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55669","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55649","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55576","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55593","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55568","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55515","published_at":"2026-05-05T12:55:00Z"}
],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22188"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22188"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twzs-xkgr-sqea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266416?format=json","vulnerability_id":"VCID-tzw9-uffa-9ycy","summary":"Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the 
project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2417","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34922","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3549","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35515","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35398","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35444","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35468","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35478","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35435","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35411","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35452","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3544","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35387","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35153","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35131","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35043","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2417"},{"reference_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2785","reference_type":"","scores":[{"value":"Mediu
m","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2417"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzw9-uffa-9ycy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279292?format=json","vulnerability_id":"VCID-u4sr-c5ew-3qbc","summary":"A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. 
Improper data handling on branch creation could have been used to trigger high CPU usage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3639","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40587","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40614","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40597","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40615","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40578","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41675","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41676","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41597","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41456","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41847","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4182","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41748","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3639"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/366876","reference_id":"366876","reference_type":"","scores":[{"value":"4.3","scoring_system":"
cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:52:53Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/366876"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3639.json","reference_id":"CVE-2022-3639.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:52:53Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3639.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3639"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4sr-c5ew-3qbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273429?format=json","vulnerability_id":"VCID-uaaf-28uh-jkds","summary":"An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's 
author.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2498","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42111","published_at":"2026-04-02T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42076","published_at":"2026-04-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42128","published_at":"2026-04-08T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42161","published_at":"2026-04-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42124","published_at":"2026-04-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42151","published_at":"2026-04-16T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42125","published_at":"2026-04-18T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42055","published_at":"2026-04-21T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41997","published_at":"2026-04-24T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41992","published_at":"2026-04-26T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41907","published_at":"2026-04-29T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41766","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb
/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2498"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uaaf-28uh-jkds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256768?format=json","vulnerability_id":"VCID-ubka-br7q-dyax","summary":"An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39905","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53256","published_at":"2026-05-05T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53244","published_at":"2026-04-01T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53267","published_at":"2026-04-02T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53293","published_at":"2026-04-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53262","published_at":"2026-04-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53314","published_at":"2026-04-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53309","published_at":"2026-04-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53344","published_at":"2026-04-12T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_e
lements":"0.53327","published_at":"2026-04-13T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53365","published_at":"2026-04-16T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5337","published_at":"2026-04-18T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5335","published_at":"2026-04-21T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53322","published_at":"2026-04-24T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53335","published_at":"2026-04-26T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53297","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39905"},{"reference_url":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39905"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ubka-br7q-dyax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256717?format=json","vulnerability_id":"VCID-ujgs-nnuc-mqe2","summary":"In all versions of GitLab CE/EE since version 13.0, an instance that 
has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39871","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3085","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31384","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31521","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31563","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31381","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31434","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31465","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31468","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31425","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31422","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31402","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31373","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31204","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3108","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31002","published_at":"
2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39871"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39871"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujgs-nnuc-mqe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273259?format=json","vulnerability_id":"VCID-umzr-tarf-4bb7","summary":"An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project's error tracking 
feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2244","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38791","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38812","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38741","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38802","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38814","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38777","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3875","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38795","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38774","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38694","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38538","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38514","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38425","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38306","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2244"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8
%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2244"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umzr-tarf-4bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279153?format=json","vulnerability_id":"VCID-uncf-tbex-nuey","summary":"An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3381","reference_id":"","reference_type":"","scores":[{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67831","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67791","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.6784","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67822","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67851","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67856","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67751","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67771","published_at":"2026-04-
04T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67752","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67803","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67817","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67841","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67827","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3381"},{"reference_url":"https://hackerone.com/reports/1711497","reference_id":"1711497","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:31:28Z/"}],"url":"https://hackerone.com/reports/1711497"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/376046","reference_id":"376046","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:31:28Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/376046"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3381.json","reference_id":"CVE-2022-3381.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T17:31:28Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3381.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=
json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3381"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uncf-tbex-nuey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240505?format=json","vulnerability_id":"VCID-unhf-zjns-n7fn","summary":"An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or 
update.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22208","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3971","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.4005","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40199","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40224","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40147","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.402","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40223","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40186","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40168","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40217","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40187","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40109","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39935","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3992","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3984","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22208"},{"reference_url":"http
s://security.archlinux.org/ASA-202105-4","reference_id":"ASA-202105-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-4"},{"reference_url":"https://security.archlinux.org/AVG-1888","reference_id":"AVG-1888","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1888"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22208"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-unhf-zjns-n7fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256755?format=json","vulnerability_id":"VCID-utt5-yq43-tydb","summary":"Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is 
transferred","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39897","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52249","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52257","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.523","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52328","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.5229","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52343","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52338","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52388","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52373","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52359","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52397","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52403","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52387","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52335","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52344","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52306","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39897"},{"reference_url
":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39897"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utt5-yq43-tydb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279284?format=json","vulnerability_id":"VCID-uwds-2syn-ykbq","summary":"An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. 
A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3613","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59209","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59279","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59285","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59267","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59248","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59253","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59204","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59228","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59244","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59258","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59242","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3613"},{"reference_url":"https://hackerone.com/reports/1723106","reference_id":"1723106","reference_type":"","scores":[{"value":"5.8","scoring_system":
"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:05:50Z/"}],"url":"https://hackerone.com/reports/1723106"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/378456","reference_id":"378456","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:05:50Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/378456"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3613.json","reference_id":"CVE-2022-3613.json","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:05:50Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3613.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3613"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwds-2syn-ykbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256817?format=jso
n","vulnerability_id":"VCID-uzq6-eukx-8yhv","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39944","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38606","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38955","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39141","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39163","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39082","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39137","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39153","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39165","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39128","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39109","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39164","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39133","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39045","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00176","scoring_s
ystem":"epss","scoring_elements":"0.38836","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38813","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38729","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39944"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39944"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uzq6-eukx-8yhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264817?format=json","vulnerability_id":"VCID-v35f-3xsf-qkcs","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. 
An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0735","reference_id":"","reference_type":"","scores":[{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98139","published_at":"2026-04-01T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98141","published_at":"2026-04-02T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98145","published_at":"2026-04-04T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98147","published_at":"2026-04-07T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.9815","published_at":"2026-04-08T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98151","published_at":"2026-04-09T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98155","published_at":"2026-04-11T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.9816","published_at":"2026-04-24T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98161","published_at":"2026-04-18T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98159","published_at":"2026-04-21T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98163","published_at":"2026-04-29T12:55:00Z"},{"value":"0.57385","scoring_system":"epss","scoring_elements":"0.98169","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0735"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:d
eb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0735"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v35f-3xsf-qkcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285366?format=json","vulnerability_id":"VCID-v428-jfje-efdy","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. 
A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1204","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55306","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55334","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5537","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55375","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55353","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55311","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55284","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5533","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55312","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55363","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55374","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55352","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62536","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1204"},{"reference_url":"https://hackerone.com/reports/1881598","reference_id":"1881598","reference_type":"","scores":[{
"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T15:23:08Z/"}],"url":"https://hackerone.com/reports/1881598"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/394745","reference_id":"394745","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T15:23:08Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/394745"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1204.json","reference_id":"CVE-2023-1204.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T15:23:08Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1204.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v428-jfje-efdy"},{"url":"http://public2.vulnerablecode.io/api/vu
lnerabilities/264305?format=json","vulnerability_id":"VCID-vd16-7urm-jybw","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0151","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49047","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49109","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49063","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49117","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49114","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49132","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49105","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49111","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49156","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49154","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49122","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.4912","published_at":"2026-04-26T12:55:00Z"},{"
value":"0.00257","scoring_system":"epss","scoring_elements":"0.49078","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.48995","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0151"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0151"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vd16-7urm-jybw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256813?format=json","vulnerability_id":"VCID-vfvr-mjgk-4qce","summary":"An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project 
members","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39941","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52521","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52522","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52568","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52594","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52561","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52613","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52607","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52658","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52641","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52663","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.5267","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52655","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52606","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52616","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52579","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39941"},{"reference_url":
"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39941"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfvr-mjgk-4qce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264823?format=json","vulnerability_id":"VCID-vns6-ke1r-zkav","summary":"Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted 
branches.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0740","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2437","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24262","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24279","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24237","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24195","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24182","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24159","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24036","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24025","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23984","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23874","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0740"}],"fixed_packages"
:[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0740"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vns6-ke1r-zkav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264279?format=json","vulnerability_id":"VCID-vntu-d9ry-bkef","summary":"An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. 
GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0123","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24277","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24404","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24436","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24219","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24285","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24329","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24304","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24247","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24263","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24251","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24228","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24104","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24051","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00083","scoring_system
":"epss","scoring_elements":"0.23936","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0123"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0123"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vntu-d9ry-bkef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256780?format=json","vulnerability_id":"VCID-vqxg-nt2j-skcd","summary":"Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level 
privileges","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39913","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1858","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18953","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1909","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19141","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18858","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18937","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1899","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18997","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1895","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18899","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18854","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18866","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18877","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18766","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18747","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18703","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39913"},{"reference_url":"https://securit
y.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39913"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqxg-nt2j-skcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279262?format=json","vulnerability_id":"VCID-vzp1-zys5-hybk","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. 
Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3573","reference_id":"","reference_type":"","scores":[{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73562","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73585","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73594","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73607","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73629","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73611","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73602","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73646","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73655","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.79384","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.79322","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.79355","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.7936","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.79375","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.fir
st.org/data/v1/epss?cve=CVE-2022-3573"},{"reference_url":"https://hackerone.com/reports/1730461","reference_id":"1730461","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:15:35Z/"}],"url":"https://hackerone.com/reports/1730461"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/378216","reference_id":"378216","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:15:35Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/378216"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3573.json","reference_id":"CVE-2022-3573.json","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:15:35Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3573.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3573"],"risk_score":null,"exploitability":null,"weigh
ted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzp1-zys5-hybk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256801?format=json","vulnerability_id":"VCID-w1jg-8rdt-3ufv","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39932","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44504","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44711","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44791","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44812","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44752","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44805","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44807","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44824","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44793","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44794","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44848","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44841","published_at":"2026-04
-18T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44776","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44697","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44619","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39932"},{"reference_url":"https://security.archlinux.org/ASA-202112-10","reference_id":"ASA-202112-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-10"},{"reference_url":"https://security.archlinux.org/AVG-2603","reference_id":"AVG-2603","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39932"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w1jg-8rdt-3ufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284849?format=json","vulnerability_id":"VCID-w551-6zcf-k3ex","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 
15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0483","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61857","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61919","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61923","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61903","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6192","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61913","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61851","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6187","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61886","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61907","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61896","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61875","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0483"},{"reference_url":"https://hackerone.com/reports/1836466","reference_id":"1836466","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI
:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:31:11Z/"}],"url":"https://hackerone.com/reports/1836466"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/389188","reference_id":"389188","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:31:11Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/389188"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0483.json","reference_id":"CVE-2023-0483.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T21:31:11Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0483.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0483"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w551-6zcf-k3ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256760?format=json","vulnerability_id":"VCID-w5ry-7u68-vbhz","summary":"In
 all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39901","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52572","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52514","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52559","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52586","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52553","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52605","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52649","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52618","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52656","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52663","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52648","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52598","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52609","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39
901"},{"reference_url":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39901"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5ry-7u68-vbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292166?format=json","vulnerability_id":"VCID-w7kt-u5wa-ayhm","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. 
A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2198","reference_id":"","reference_type":"","scores":[{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74055","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74001","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73982","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73974","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74015","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74024","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74048","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74057","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73958","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73929","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73963","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73977","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.7611","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2198"},{"reference_url":"https://hackerone.com/reports/1947187","reference_id":"1947187","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scori
ng_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:46:50Z/"}],"url":"https://hackerone.com/reports/1947187"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/408273","reference_id":"408273","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:46:50Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/408273"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2198.json","reference_id":"CVE-2023-2198.json","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:46:50Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2198.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2198"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7kt-u5wa-ayhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273250?format=json","vulnerability_id":"VCID-wd1y-vck3-vyg6","summary":"A Stored Cross-Site Scripting vulnerability 
in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2230","reference_id":"","reference_type":"","scores":[{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63806","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63832","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.6379","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63841","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63872","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63824","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63859","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63868","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63874","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63886","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63885","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63856","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2230"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10
.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2230"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wd1y-vck3-vyg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256722?format=json","vulnerability_id":"VCID-wg33-ddc8-t3h4","summary":"In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39874","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4847","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48538","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48549","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48603","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4862","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0
.48593","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48656","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48651","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48608","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48604","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48554","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39874"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39874"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg33-ddc8-t3h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265178?format=json","vulnerability_id":"VCID-wkxn-6wja-hbbj","summary":"An issue has been discovered in GitLab CE/EE affecting all versions 
starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the approval rules of a private project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1189","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44459","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44528","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44488","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44539","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44544","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4456","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4453","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44532","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44587","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44509","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44427","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44431","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4435","published_at":"2026-04-2
9T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44226","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1189"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1189"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkxn-6wja-hbbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240501?format=json","vulnerability_id":"VCID-wm8m-8qsm-tfd2","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. 
GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22205","reference_id":"","reference_type":"","scores":[{"value":"0.94467","scoring_system":"epss","scoring_elements":"0.99996","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94467","scoring_system":"epss","scoring_elements":"0.99997","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22205"},{"reference_url":"https://hackerone.com/reports/1154542","reference_id":"1154542","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T19:48:57Z/"}],"url":"https://hackerone.com/reports/1154542"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/327121","reference_id":"327121","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T19:48:57Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/327121"},{"reference_url":"https://security.archlinux.org/ASA-202104-1","reference_id":"ASA-202104-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-1"},{"reference_url":"https://security.archlinux.org/AVG-1822","reference_id":"AVG-1822","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1822"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50532.txt","reference_id":"CVE-2021-22205","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/
-/blob/main/exploits/ruby/webapps/50532.txt"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json","reference_id":"CVE-2021-22205.json","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T19:48:57Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json"},{"reference_url":"http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html","reference_id":"GitLab-13.10.2-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T19:48:57Z/"}],"url":"http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","reference_id":"GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T19:48:57Z/"}],"url":"http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=js
on","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22205"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wm8m-8qsm-tfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256728?format=json","vulnerability_id":"VCID-wnjn-b16y-mfdg","summary":"Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39879","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31051","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.316","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31733","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31777","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31648","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31683","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31642","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_eleme
nts":"0.3164","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31618","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31408","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31283","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31203","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39879"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39879"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wnjn-b16y-mfdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292167?format=json","vulnerability_id":"VCID-ws9f-zt21-u7bv","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting 
from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2199","reference_id":"","reference_type":"","scores":[{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83896","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83807","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83802","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83835","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83836","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83862","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.8387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83875","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83767","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.8379","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.83813","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.84938","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2199"},{"reference_url":"https://hackerone.com/reports/1943819","reference_id":"1943819","reference_type":"","scores"
:[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:45:26Z/"}],"url":"https://hackerone.com/reports/1943819"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/408272","reference_id":"408272","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:45:26Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/408272"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2199.json","reference_id":"CVE-2023-2199.json","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:45:26Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2199.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-2199"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ws9f-zt21-u7bv"},{"url":"http://public2.vulnerablecode.io/api
/vulnerabilities/265315?format=json","vulnerability_id":"VCID-wt3g-99mt-uug6","summary":"Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1406","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43734","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43975","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44024","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44046","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43977","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44028","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4403","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44045","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44058","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44049","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43983","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43935","published_at
":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43939","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43854","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1406"},{"reference_url":"https://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1406"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wt3g-99mt-uug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265327?format=json","vulnerability_id":"VCID-wvtd-44nu-ckgb","summary":"Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected 
branches","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1423","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25812","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26255","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26296","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26133","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26181","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26189","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26143","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26085","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26091","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26069","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26034","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25973","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25968","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25919","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1423"},{"reference_url":
"https://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1423"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvtd-44nu-ckgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266415?format=json","vulnerability_id":"VCID-wyff-62y3-9qdq","summary":"An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. 
It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2456","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42835","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4313","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43157","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43149","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43161","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43182","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43134","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43193","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43183","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43116","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43051","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43053","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4297","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2456"},{"reference_url":"https://security.archlinux.org/AVG-2785","reference_id":"AVG-2785","refere
nce_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2456"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wyff-62y3-9qdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264281?format=json","vulnerability_id":"VCID-wzva-tq72-muar","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. 
GitLab was not verifying that a maintainer of a project had the right access to import members from a target project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0125","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51368","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51419","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51405","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51459","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51457","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.515","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51478","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51466","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51516","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51494","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51447","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51454","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51415","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51358","published_a
t":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0125"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzva-tq72-muar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273277?format=json","vulnerability_id":"VCID-x181-ggwj-b7hu","summary":"An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. 
GitLab was leaking Conan packages names due to incorrect permissions verification.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2270","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3644","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36473","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36308","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36356","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36377","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36348","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36368","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36351","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36298","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36067","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36037","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3595","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35833","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2270"}],"fixed_packages":[{"url":"http://public2.vulnerablecode
.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2270"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x181-ggwj-b7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265128?format=json","vulnerability_id":"VCID-xghp-wud9-6ues","summary":"Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of 
GitLab","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1099","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37666","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37848","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37873","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37751","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37802","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37814","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37829","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37793","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37768","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37816","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37797","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37736","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37498","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37268","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1099"}],"fixed_packages":[
{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1099"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xghp-wud9-6ues"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285722?format=json","vulnerability_id":"VCID-xjjb-9h1m-puf7","summary":"A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 
15.10.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1733","reference_id":"","reference_type":"","scores":[{"value":"0.00627","scoring_system":"epss","scoring_elements":"0.70193","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00627","scoring_system":"epss","scoring_elements":"0.70176","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82273","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82219","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.8222","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82221","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82243","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82254","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82257","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82145","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82171","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82178","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82189","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82183","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1733"},{"reference_url":"https://hackerone.com/reports/1723124","reference_id":"1723124","reference_type":"","scores":[{"value":"5.8","s
coring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:45:04Z/"}],"url":"https://hackerone.com/reports/1723124"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/392665","reference_id":"392665","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:45:04Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/392665"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json","reference_id":"CVE-2023-1733.json","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:45:04Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1733"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xjjb-9h1m-puf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25
6781?format=json","vulnerability_id":"VCID-xm82-tdpb-buf6","summary":"A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39914","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38633","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38982","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39169","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.3919","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.3911","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39164","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39181","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39137","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39191","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39161","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39072","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38863","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00176","s
coring_system":"epss","scoring_elements":"0.3884","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38757","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39914"},{"reference_url":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39914"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xm82-tdpb-buf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264316?format=json","vulnerability_id":"VCID-xmw9-9v8j-pbej","summary":"An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. 
GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0167","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42396","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42364","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42414","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42421","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42444","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42408","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42378","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42427","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42402","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.4233","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42266","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42261","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","s
coring_elements":"0.42032","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0167"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0167"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmw9-9v8j-pbej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279178?format=json","vulnerability_id":"VCID-xqjr-rs4y-h3as","summary":"Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. 
These should have been restricted to Project Maintainers, Group Owners, and above.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3413","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39146","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39368","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39353","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39271","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39645","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39667","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39585","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39639","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39653","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39626","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39609","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3966","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39632","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39548","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3413"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/374926
","reference_id":"374926","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T15:53:11Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/374926"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.json","reference_id":"CVE-2022-3413.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T15:53:11Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3413"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqjr-rs4y-h3as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265182?format=json","vulnerability_id":"VCID-xszd-bfvr-jfcv","summary":"Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain 
circumstances","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1193","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3408","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34111","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3397","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34013","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34044","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34043","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3401","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33998","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33966","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33597","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33577","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33496","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33379","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1193"}],"fixed_packages":
[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1193"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xszd-bfvr-jfcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279100?format=json","vulnerability_id":"VCID-xu87-25zb-eycc","summary":"An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job 
logs","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3279","reference_id":"","reference_type":"","scores":[{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.6694","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72139","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72173","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72181","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72166","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72209","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72219","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72214","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72113","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.7209","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72127","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72093","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72161","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72146","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72132","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3279"},{"reference_url":"https://hackerone.com/reports/1587261","reference_id":"1587261","reference_type":"","scores":[{"value":"2.7","scorin
g_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:49:59Z/"}],"url":"https://hackerone.com/reports/1587261"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/364249","reference_id":"364249","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:49:59Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/364249"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3279.json","reference_id":"CVE-2022-3279.json","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T15:49:59Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3279.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3279"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xu87-25zb-eycc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240541?
format=json","vulnerability_id":"VCID-xuub-mcj4-rqhg","summary":"Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22236","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4499","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45147","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45228","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45249","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45248","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45247","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45269","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45237","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45239","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4529","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45285","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45235","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45146","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_
elements":"0.45154","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45095","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22236"},{"reference_url":"https://security.archlinux.org/ASA-202108-7","reference_id":"ASA-202108-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-7"},{"reference_url":"https://security.archlinux.org/AVG-2251","reference_id":"AVG-2251","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22236"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xuub-mcj4-rqhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283781?format=json","vulnerability_id":"VCID-xvyx-62q5-m7cn","summary":"An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. 
A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4037","reference_id":"","reference_type":"","scores":[{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69022","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68997","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68976","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69027","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69041","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68897","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68918","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68898","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68948","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68967","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.6899","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68975","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68945","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68987","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4037"},{"referen
ce_url":"https://hackerone.com/reports/1772543","reference_id":"1772543","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:21:35Z/"}],"url":"https://hackerone.com/reports/1772543"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/382957","reference_id":"382957","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:21:35Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/382957"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4037.json","reference_id":"CVE-2022-4037.json","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T16:21:35Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4037.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4037"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2
.vulnerablecode.io/vulnerabilities/VCID-xvyx-62q5-m7cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256748?format=json","vulnerability_id":"VCID-y355-57xu-4bet","summary":"In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39892","reference_id":"","reference_type":"","scores":[{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52931","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.5294","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52965","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.5299","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52958","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53009","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53052","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53036","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53019","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53056","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53063","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53045","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00297","scoring_system":"ep
ss","scoring_elements":"0.53012","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53021","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52981","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39892"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39892"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y355-57xu-4bet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240456?format=json","vulnerability_id":"VCID-y7s4-my4s-eucm","summary":"When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is 
disabled","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22175","reference_id":"","reference_type":"","scores":[{"value":"0.66154","scoring_system":"epss","scoring_elements":"0.98507","published_at":"2026-04-01T12:55:00Z"},{"value":"0.66154","scoring_system":"epss","scoring_elements":"0.98509","published_at":"2026-04-02T12:55:00Z"},{"value":"0.66154","scoring_system":"epss","scoring_elements":"0.98511","published_at":"2026-04-04T12:55:00Z"},{"value":"0.66154","scoring_system":"epss","scoring_elements":"0.98512","published_at":"2026-04-07T12:55:00Z"},{"value":"0.66154","scoring_system":"epss","scoring_elements":"0.98515","published_at":"2026-04-08T12:55:00Z"},{"value":"0.66154","scoring_system":"epss","scoring_elements":"0.98517","published_at":"2026-04-09T12:55:00Z"},{"value":"0.66154","scoring_system":"epss","scoring_elements":"0.98519","published_at":"2026-04-13T12:55:00Z"},{"value":"0.66154","scoring_system":"epss","scoring_elements":"0.98518","published_at":"2026-04-12T12:55:00Z"},{"value":"0.66154","scoring_system":"epss","scoring_elements":"0.98525","published_at":"2026-04-18T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.9868","published_at":"2026-05-05T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98676","published_at":"2026-04-29T12:55:00Z"},{"value":"0.71157","scoring_system":"epss","scoring_elements":"0.9872","published_at":"2026-04-24T12:55:00Z"},{"value":"0.71157","scoring_system":"epss","scoring_elements":"0.98716","published_at":"2026-04-21T12:55:00Z"},{"value":"0.75355","scoring_system":"epss","scoring_elements":"0.98898","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22175"},{"reference_url":"https://hackerone.com/reports/1059596","reference_id":"1059596","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track",
"scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T16:52:37Z/"}],"url":"https://hackerone.com/reports/1059596"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/294178","reference_id":"294178","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T16:52:37Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/294178"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json","reference_id":"CVE-2021-22175.json","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T16:52:37Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22175"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7s4-my4s-eucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256712?format=json","vulnerability_id":"VCID-y8p4-aqpq-ykbk","summary":"In all versions of GitLab CE/EE 
since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39868","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52518","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52519","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52565","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52609","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52604","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52654","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52637","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52623","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52661","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52652","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52603","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52614","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00293","scoring_system":"ep
ss","scoring_elements":"0.52577","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39868"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39868"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8p4-aqpq-ykbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240515?format=json","vulnerability_id":"VCID-y93u-mrdn-abe3","summary":"A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request 
description","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22216","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37889","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3828","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38418","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38442","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38306","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38356","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38364","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38381","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38343","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38318","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38366","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38346","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38281","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38122","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38098","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38005","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22216"},{"reference_u
rl":"https://security.archlinux.org/ASA-202106-21","reference_id":"ASA-202106-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-21"},{"reference_url":"https://security.archlinux.org/AVG-2023","reference_id":"AVG-2023","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22216"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y93u-mrdn-abe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279439?format=json","vulnerability_id":"VCID-yc3d-cash-qybt","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. 
GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3870","reference_id":"","reference_type":"","scores":[{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79276","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79209","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.7924","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79247","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79263","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79138","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79163","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79149","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79174","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79192","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79183","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3870"},{"reference_url":"https://hackerone.com/reports/1753423","reference_id":"1753423","reference_type":"
","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-09T13:14:38Z/"}],"url":"https://hackerone.com/reports/1753423"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/381647","reference_id":"381647","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-09T13:14:38Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/381647"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3870.json","reference_id":"CVE-2022-3870.json","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-09T13:14:38Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3870.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3870"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yc3d-cash-qybt"},{"url":"http://public2.vulnerablec
ode.io/api/vulnerabilities/240523?format=json","vulnerability_id":"VCID-ye5q-51wd-53c5","summary":"Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22223","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39772","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40114","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40264","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40211","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40275","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40286","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40249","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40229","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40245","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40169","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39995","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39981","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00
185","scoring_system":"epss","scoring_elements":"0.399","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22223"},{"reference_url":"https://security.archlinux.org/ASA-202107-18","reference_id":"ASA-202107-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-18"},{"reference_url":"https://security.archlinux.org/AVG-2125","reference_id":"AVG-2125","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22223"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ye5q-51wd-53c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256772?format=json","vulnerability_id":"VCID-yfzm-n8gu-qfbm","summary":"In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer 
UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39908","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39121","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39585","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39636","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39606","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39523","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39343","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39328","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39246","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39601","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53217","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53242","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.5321","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53262","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53257","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53308","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53193","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39908"}],"fixed_packages":[{"url":"htt
p://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39908"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yfzm-n8gu-qfbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265156?format=json","vulnerability_id":"VCID-ygwj-5n23-7qbm","summary":"A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over 
accounts","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1162","reference_id":"","reference_type":"","scores":[{"value":"0.87606","scoring_system":"epss","scoring_elements":"0.99471","published_at":"2026-04-29T12:55:00Z"},{"value":"0.87606","scoring_system":"epss","scoring_elements":"0.99469","published_at":"2026-04-21T12:55:00Z"},{"value":"0.87606","scoring_system":"epss","scoring_elements":"0.9947","published_at":"2026-04-24T12:55:00Z"},{"value":"0.87606","scoring_system":"epss","scoring_elements":"0.99472","published_at":"2026-05-05T12:55:00Z"},{"value":"0.88912","scoring_system":"epss","scoring_elements":"0.9952","published_at":"2026-04-09T12:55:00Z"},{"value":"0.88912","scoring_system":"epss","scoring_elements":"0.99521","published_at":"2026-04-13T12:55:00Z"},{"value":"0.88912","scoring_system":"epss","scoring_elements":"0.99525","published_at":"2026-04-18T12:55:00Z"},{"value":"0.88912","scoring_system":"epss","scoring_elements":"0.99524","published_at":"2026-04-16T12:55:00Z"},{"value":"0.88912","scoring_system":"epss","scoring_elements":"0.99517","published_at":"2026-04-02T12:55:00Z"},{"value":"0.88912","scoring_system":"epss","scoring_elements":"0.99518","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88912","scoring_system":"epss","scoring_elements":"0.99519","published_at":"2026-04-07T12:55:00Z"},{"value":"0.89478","scoring_system":"epss","scoring_elements":"0.99548","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1162"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50888.txt","reference_id":"CVE-2022-1162","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/50888.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by
_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1162"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ygwj-5n23-7qbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240574?format=json","vulnerability_id":"VCID-ykmk-ymk1-b3a6","summary":"An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. 
This allows user enumeration on such instances.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22257","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44132","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4437","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44441","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44462","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44397","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44448","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44471","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44496","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44487","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44417","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44337","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4434","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44259","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22257"},{"reference_url":"https://security.archlinux.org/AVG-2335","reference_id":"AVG-2335","refe
rence_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22257"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykmk-ymk1-b3a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265362?format=json","vulnerability_id":"VCID-ykza-d472-n7a4","summary":"An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. 
GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1510","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43749","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43991","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44039","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44062","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44044","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44046","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44029","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44013","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44075","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44065","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43951","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43954","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4387","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?
cve=CVE-2022-1510"},{"reference_url":"https://security.archlinux.org/AVG-2696","reference_id":"AVG-2696","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1510"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykza-d472-n7a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264834?format=json","vulnerability_id":"VCID-ym7c-hy3t-eqd6","summary":"Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary 
commands","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0751","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49097","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.4913","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.4916","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49112","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49166","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49163","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.4918","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49154","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49206","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49205","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49174","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49172","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49129","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49046","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0751"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulne
rablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-0751"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ym7c-hy3t-eqd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240551?format=json","vulnerability_id":"VCID-ymr3-tjpk-y3eu","summary":"Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22243","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39342","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39527","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39441","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39497","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39513","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39523","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39485","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39468","published_at":"2026-04-13T12:55:00Z"},{"value"
:"0.00179","scoring_system":"epss","scoring_elements":"0.39519","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3949","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39406","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39211","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39194","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39112","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.38984","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22243"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22243"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymr3-tjpk-y3eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285286?format=json","vulnerability_id":"VCID-ynh3-5k1k-ukc7","summary":"An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin 
to leak password from repository mirror configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1098","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52919","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52893","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63458","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63464","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63457","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63476","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63489","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63484","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63396","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63465","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63483","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63467","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63431","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1098"},{"reference_url":"https://hackerone.com/reports/1784294","reference_id":"1784294",
"reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:57:56Z/"}],"url":"https://hackerone.com/reports/1784294"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383745","reference_id":"383745","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:57:56Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/383745"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json","reference_id":"CVE-2023-1098.json","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:57:56Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-1098"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ynh3-5k1k-ukc7"},{"url":"http://p
ublic2.vulnerablecode.io/api/vulnerabilities/278987?format=json","vulnerability_id":"VCID-yrc2-68dd-w7h9","summary":"An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3030","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52154","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52181","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52146","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52199","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52195","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52246","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53659","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53664","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53647","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.5361","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53587","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.5354","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53639","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53622","pub
lished_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3030"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/37959","reference_id":"37959","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:21:36Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/37959"},{"reference_url":"https://hackerone.com/reports/749882","reference_id":"749882","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:21:36Z/"}],"url":"https://hackerone.com/reports/749882"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json","reference_id":"CVE-2022-3030.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T16:21:36Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3
030"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrc2-68dd-w7h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/283755?format=json","vulnerability_id":"VCID-ytck-scm4-n3hk","summary":"An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4007","reference_id":"","reference_type":"","scores":[{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.78023","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.77967","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.7796","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.77993","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.78","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.78013","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.77882","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.7791","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.77892","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.77919","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.77923","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01089","scoring_syst
em":"epss","scoring_elements":"0.7795","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.77933","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.77968","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4007"},{"reference_url":"https://hackerone.com/reports/1767745","reference_id":"1767745","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T15:14:38Z/"}],"url":"https://hackerone.com/reports/1767745"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/382789","reference_id":"382789","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T15:14:38Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/382789"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4007.json","reference_id":"CVE-2022-4007.json","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T15:14:38Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4007.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.
io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-4007"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytck-scm4-n3hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240558?format=json","vulnerability_id":"VCID-ytx6-dtyz-aydu","summary":"Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22247","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47719","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47757","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47777","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47776","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47801","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47787","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47842","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47834","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":
"0.4777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47727","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47643","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22247"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22247"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytx6-dtyz-aydu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265659?format=json","vulnerability_id":"VCID-yvfx-ajfd-huaz","summary":"A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response 
headers","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1954","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38738","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38875","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38826","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38903","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38838","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38884","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38862","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38782","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38617","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38592","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38505","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38385","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1954"}],"fixed_packages":
[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-1954"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvfx-ajfd-huaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240533?format=json","vulnerability_id":"VCID-yx48-ptwa-ukhh","summary":"Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 
14.0.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22230","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41185","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41486","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41576","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41604","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41531","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41581","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4159","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41611","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41578","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41564","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4161","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41585","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41509","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41401","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41396","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41318","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22230"},{"reference_url":"
https://security.archlinux.org/ASA-202107-18","reference_id":"ASA-202107-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-18"},{"reference_url":"https://security.archlinux.org/AVG-2125","reference_id":"AVG-2125","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22230"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yx48-ptwa-ukhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284851?format=json","vulnerability_id":"VCID-yzes-ta7y-k3af","summary":"An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. 
It was possible for a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0485","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61805","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61785","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61829","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61811","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61816","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61833","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61828","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61821","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61732","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61781","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61796","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61817","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66653","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66679","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02038","scoring_system":"epss","scoring_elements":"0.83916","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0485"},{"referenc
e_url":"https://hackerone.com/reports/1837937","reference_id":"1837937","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:36:43Z/"}],"url":"https://hackerone.com/reports/1837937"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/389191","reference_id":"389191","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:36:43Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/389191"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0485.json","reference_id":"CVE-2023-0485.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:36:43Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0485.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0485"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.
vulnerablecode.io/vulnerabilities/VCID-yzes-ta7y-k3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256744?format=json","vulnerability_id":"VCID-z4ez-3sgx-ybb8","summary":"It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39890","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18419","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18788","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18979","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18702","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18782","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18841","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18795","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18743","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18692","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18704","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18723","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1861","published_at":"2026-04-24T12:55:00Z"},{"valu
e":"0.0006","scoring_system":"epss","scoring_elements":"0.18588","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18547","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39890"},{"reference_url":"https://security.archlinux.org/AVG-2431","reference_id":"AVG-2431","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39890"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4ez-3sgx-ybb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284835?format=json","vulnerability_id":"VCID-z4rm-g2fc-c7c7","summary":"An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. 
It was possible to add a branch with an ambiguous name that could be used to social engineer users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0450","reference_id":"","reference_type":"","scores":[{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79389","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79314","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79302","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79329","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79326","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79327","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79359","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79364","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.7938","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.7927","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79296","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79306","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.7933","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01345","scoring_system":"epss","scoring_elements":"0.80033","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01785","scoring_system":"epss","scoring_elements":"0.82679","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0450"},{"reference_url":"https://hackerone.com/
reports/1831547","reference_id":"1831547","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:29:20Z/"}],"url":"https://hackerone.com/reports/1831547"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/388962","reference_id":"388962","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:29:20Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/388962"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0450.json","reference_id":"CVE-2023-0450.json","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:29:20Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0450.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2023-0450"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilit
ies/VCID-z4rm-g2fc-c7c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279148?format=json","vulnerability_id":"VCID-z4xw-vzn9-h3gd","summary":"An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when an attacker has a fork of a project that was switched to private.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3375","reference_id":"","reference_type":"","scores":[{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63872","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63888","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63841","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63876","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63885","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63875","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63891","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63903","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63901","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63806","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63857","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63874","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.7176
3","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.71744","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3375"},{"reference_url":"https://hackerone.com/reports/1710533","reference_id":"1710533","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:10:57Z/"}],"url":"https://hackerone.com/reports/1710533"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/376041","reference_id":"376041","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:10:57Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/376041"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json","reference_id":"CVE-2022-3375.json","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:10:57Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"reso
urce_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3375"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4xw-vzn9-h3gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256820?format=json","vulnerability_id":"VCID-z8r2-3th4-uuag","summary":"Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39946","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40078","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40251","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40174","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40226","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40238","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40249","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40211","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40192","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40241","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40134","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00185",
"scoring_system":"epss","scoring_elements":"0.39961","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39946","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39866","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39737","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39946"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39946"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8r2-3th4-uuag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240563?format=json","vulnerability_id":"VCID-zata-vtf8-u7ag","summary":"Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their 
account","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22250","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48538","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48549","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48603","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4862","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48593","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48656","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48651","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48608","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48604","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48554","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4847","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22250"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.
8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-22250"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zata-vtf8-u7ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279363?format=json","vulnerability_id":"VCID-zfw8-fmpe-bfar","summary":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. 
In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3759","reference_id":"","reference_type":"","scores":[{"value":"0.01571","scoring_system":"epss","scoring_elements":"0.81599","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01571","scoring_system":"epss","scoring_elements":"0.81622","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01571","scoring_system":"epss","scoring_elements":"0.81605","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82915","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82922","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82961","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.8296","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82964","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82984","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82886","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82882","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82908","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82873","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01834","scoring_system":"epss","scoring_elements":"0.82931","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3759"},{"reference_url":"https://hackerone.com/reports/173
6230","reference_id":"1736230","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:38:20Z/"}],"url":"https://hackerone.com/reports/1736230"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/379633","reference_id":"379633","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:38:20Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/379633"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3759.json","reference_id":"CVE-2022-3759.json","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:38:20Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3759.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3759"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zf
w8-fmpe-bfar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273734?format=json","vulnerability_id":"VCID-zmhb-purs-aqa1","summary":"A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2992","reference_id":"","reference_type":"","scores":[{"value":"0.93681","scoring_system":"epss","scoring_elements":"0.9985","published_at":"2026-05-05T12:55:00Z"},{"value":"0.93693","scoring_system":"epss","scoring_elements":"0.99846","published_at":"2026-04-02T12:55:00Z"},{"value":"0.93693","scoring_system":"epss","scoring_elements":"0.99847","published_at":"2026-04-07T12:55:00Z"},{"value":"0.93693","scoring_system":"epss","scoring_elements":"0.99848","published_at":"2026-04-11T12:55:00Z"},{"value":"0.93712","scoring_system":"epss","scoring_elements":"0.9985","published_at":"2026-04-21T12:55:00Z"},{"value":"0.93712","scoring_system":"epss","scoring_elements":"0.99851","published_at":"2026-04-24T12:55:00Z"},{"value":"0.93712","scoring_system":"epss","scoring_elements":"0.99852","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2992"},{"reference_url":"https://hackerone.com/reports/1679624","reference_id":"1679624","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:27:07Z/"}],"url":"https://hackerone.com/reports/1679624"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/371884","reference_id":"371884","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":
"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:27:07Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/371884"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2992.json","reference_id":"CVE-2022-2992.json","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:27:07Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2992.json"},{"reference_url":"http://packetstormsecurity.com/files/171008/GitLab-GitHub-Repo-Import-Deserialization-Remote-Code-Execution.html","reference_id":"GitLab-GitHub-Repo-Import-Deserialization-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:27:07Z/"}],"url":"http://packetstormsecurity.com/files/171008/GitLab-GitHub-Repo-Import-Deserialization-Remote-Code-Execution.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-2992"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmhb-pur
s-aqa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279177?format=json","vulnerability_id":"VCID-zu24-pru5-9qba","summary":"A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3411","reference_id":"","reference_type":"","scores":[{"value":"0.02324","scoring_system":"epss","scoring_elements":"0.8487","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02324","scoring_system":"epss","scoring_elements":"0.84886","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02324","scoring_system":"epss","scoring_elements":"0.84869","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85894","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85906","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85901","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85919","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85923","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85915","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85935","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85862","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85866","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85884","published_at":"2026-04-08T12:55:00Z"},{"value":"
0.02709","scoring_system":"epss","scoring_elements":"0.85845","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02709","scoring_system":"epss","scoring_elements":"0.85909","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3411"},{"reference_url":"https://hackerone.com/reports/1685995","reference_id":"1685995","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:39:12Z/"}],"url":"https://hackerone.com/reports/1685995"},{"reference_url":"https://gitlab.com/gitlab-org/gitlab/-/issues/376247","reference_id":"376247","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:39:12Z/"}],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/376247"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3411.json","reference_id":"CVE-2022-3411.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:39:12Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3411.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid",
"is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2022-3411"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zu24-pru5-9qba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256766?format=json","vulnerability_id":"VCID-zy36-rb3k-y7eg","summary":"An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39904","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30652","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31194","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31321","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31363","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31182","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31235","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31266","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.3127","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31226","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00121","scoring_system":"epss"
,"scoring_elements":"0.31215","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31197","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31166","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31007","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30885","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30801","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39904"},{"reference_url":"https://security.archlinux.org/AVG-2503","reference_id":"AVG-2503","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923289?format=json","purl":"pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/923255?format=json","purl":"pkg:deb/debian/gitlab@17.6.5-19?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid"}],"aliases":["CVE-2021-39904"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zy36-rb3k-y7eg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid"}