VulnerableCode Package Details - pkg:alpm/archlinux/gitlab@13.12.2-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3gk7-f7rw-s3bt	An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.	CVE-2021-22220
VCID-8ahg-hgub-43b5	A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request	CVE-2021-22217
VCID-bakk-7gzs-sfd8	A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.	CVE-2021-22181
VCID-k29f-m5ey-f3d6	All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.	CVE-2021-22218
VCID-kbpk-h81g-g7dr	An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects	CVE-2021-22215
VCID-n7d2-p93t-73fg	All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.	CVE-2021-22219
VCID-n83t-8xmt-q7cs	When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited	CVE-2021-22214
VCID-s8ds-5b7r-gfed	A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari	CVE-2021-22213
VCID-t5qj-bzm5-5qhe	An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited access after their password expired	CVE-2021-22221
VCID-y93u-mrdn-abe3	A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description	CVE-2021-22216

Vulnerability

Summary

Aliases

VCID-3gk7-f7rw-s3bt

An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.

CVE-2021-22220

VCID-8ahg-hgub-43b5

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request

CVE-2021-22217

VCID-bakk-7gzs-sfd8

A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.

CVE-2021-22181

VCID-k29f-m5ey-f3d6

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.

CVE-2021-22218

VCID-kbpk-h81g-g7dr

An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects

CVE-2021-22215

VCID-n7d2-p93t-73fg

All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.

CVE-2021-22219

VCID-n83t-8xmt-q7cs

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited

CVE-2021-22214

VCID-s8ds-5b7r-gfed

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari

CVE-2021-22213

VCID-t5qj-bzm5-5qhe

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited access after their password expired

CVE-2021-22221

VCID-y93u-mrdn-abe3

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description

CVE-2021-22216

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:25:31.330320+00:00	Arch Linux Importer	Fixing	VCID-bakk-7gzs-sfd8	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.307393+00:00	Arch Linux Importer	Fixing	VCID-s8ds-5b7r-gfed	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.283934+00:00	Arch Linux Importer	Fixing	VCID-n83t-8xmt-q7cs	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.258587+00:00	Arch Linux Importer	Fixing	VCID-y93u-mrdn-abe3	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.234742+00:00	Arch Linux Importer	Fixing	VCID-8ahg-hgub-43b5	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.211148+00:00	Arch Linux Importer	Fixing	VCID-k29f-m5ey-f3d6	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.189060+00:00	Arch Linux Importer	Fixing	VCID-n7d2-p93t-73fg	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.166952+00:00	Arch Linux Importer	Fixing	VCID-3gk7-f7rw-s3bt	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.142740+00:00	Arch Linux Importer	Fixing	VCID-t5qj-bzm5-5qhe	https://security.archlinux.org/AVG-2023	38.0.0
2026-04-01T18:25:31.116572+00:00	Arch Linux Importer	Fixing	VCID-kbpk-h81g-g7dr	https://security.archlinux.org/AVG-2045	38.0.0