Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2020-13261 | Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code | 5.3 | 0.88% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13262 | Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | 6.1 | 0.87% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13263 | An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | 7.5 | 1.02% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13264 | Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token | 5.3 | 1.08% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13265 | User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | 4.3 | 0.73% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13266 | Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions | 4.3 | 0.55% | 2020-06-09 | 2026-06-16 |
| CVE-2020-13267 | A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1 | 6.1 | 1.75% | 2020-06-10 | 2026-06-16 |
| CVE-2020-13268 | A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1 | 5.3 | 1.07% | 2020-06-10 | 2026-06-16 |
| CVE-2020-13269 | A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1 | 6.1 | 1.75% | 2020-06-10 | 2026-06-16 |
| CVE-2020-13270 | Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API | 7.5 | 1.41% | 2020-06-10 | 2026-06-16 |
| CVE-2020-13271 | A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1 | 6.1 | 1.53% | 2020-06-10 | 2026-06-16 |
| CVE-2020-13272 | OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | 7.5 | 0.58% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13273 | A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | 7.5 | 1.19% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13274 | A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 | 7.5 | 1.15% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13275 | A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | 8.0 | 1.04% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13276 | User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | 7.4 | 0.67% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13277 | An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | 6.3 | 1.85% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13278 | Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request. | 6.1 | 1.43% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13279 | Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | 8.6 | 1.20% | 2020-06-22 | 2026-06-16 |
| CVE-2020-13280 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | 6.5 | 1.05% | 2020-08-13 | 2026-06-16 |