Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6yhw-9sqw-zuge
Vulnerability ID VCID-6yhw-9sqw-zuge
Aliases CVE-2021-22209
Summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2021-22209
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2021-22209
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2021-22209
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2021-22209
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2021-22209
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2021-22209
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2021-22209
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2021-22209
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2021-22209
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2021-22209
archlinux High https://security.archlinux.org/AVG-1888
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-22209
ASA-202105-4 https://security.archlinux.org/ASA-202105-4
AVG-1888 https://security.archlinux.org/AVG-1888
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.40353
EPSS Score 0.00186
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T18:08:06.795377+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.0.0