Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2020-13341 | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions. | 4.9 | 1.17% | 2020-10-12 | 2026-06-16 |
| CVE-2020-13342 | An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email | 2.7 | 0.87% | 2020-10-07 | 2026-06-16 |
| CVE-2020-13343 | An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template | 7.5 | 1.49% | 2020-10-06 | 2026-06-16 |
| CVE-2020-13344 | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis | 5.7 | 0.34% | 2020-10-08 | 2026-06-16 |
| CVE-2020-13345 | An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes | 5.5 | 0.88% | 2020-10-06 | 2026-06-16 |
| CVE-2020-13346 | Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | 6.5 | 1.32% | 2020-10-07 | 2026-06-16 |
| CVE-2020-13347 | A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable. | 9.1 | 2.25% | 2020-10-07 | 2026-06-16 |
| CVE-2020-13348 | An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 5.7 | 0.79% | 2020-11-17 | 2026-06-16 |
| CVE-2020-13349 | An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 4.3 | 0.90% | 2020-11-17 | 2026-06-16 |
| CVE-2020-13350 | CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9. | 3.1 | 0.69% | 2020-11-17 | 2026-06-16 |
| CVE-2020-13351 | Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. | 6.5 | 1.34% | 2020-11-17 | 2026-06-16 |
| CVE-2020-13352 | Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 3.7 | 1.21% | 2020-11-16 | 2026-06-16 |
| CVE-2020-13353 | When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. | 2.5 | 0.27% | 2020-11-16 | 2026-06-16 |
| CVE-2020-13354 | A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. | 4.3 | 1.42% | 2020-11-16 | 2026-06-16 |
| CVE-2020-13355 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 7.5 | 1.66% | 2020-11-18 | 2026-06-16 |
| CVE-2020-13356 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 8.2 | 1.76% | 2020-11-18 | 2026-06-16 |
| CVE-2020-13357 | An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project. | 4.3 | 0.76% | 2020-12-10 | 2026-06-16 |
| CVE-2020-13358 | A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2. | 4.7 | 0.32% | 2020-11-16 | 2026-06-16 |
| CVE-2020-13359 | The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 7.6 | 0.76% | 2020-11-18 | 2026-06-16 |
| CVE-2020-13360 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | N/A | 0.24% | 2020-11-18 | 2023-11-06 |