Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2020-13275 | A user with an unverified email address could request access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | 8.0 | 1.04% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13279 | Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | 8.6 | 1.20% | 2020-06-22 | 2026-06-16 |
| CVE-2020-13292 | In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. | 9.6 | 1.00% | 2020-08-10 | 2026-06-16 |
| CVE-2020-13291 | In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | 8.1 | 0.96% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13299 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. | 8.1 | 1.23% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13300 | GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | 8.0 | 1.29% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13321 | A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added. | 8.3 | 1.40% | 2020-09-30 | 2026-06-16 |
| CVE-2020-13347 | A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, it allows the attacker to run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable. | 9.1 | 2.25% | 2020-10-07 | 2026-06-16 |
| CVE-2020-13340 | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log | 8.7 | 68.64% | 2020-10-08 | 2026-06-16 |
| CVE-2020-13356 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2. | 8.2 | 1.76% | 2020-11-18 | 2026-06-16 |
| CVE-2021-22192 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | 9.9 | 13.11% | 2021-03-24 | 2026-06-16 |
| CVE-2021-22195 | Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system | 8.6 | 1.14% | 2021-04-01 | 2026-06-16 |
| CVE-2021-22201 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | 9.6 | 3.07% | 2021-04-02 | 2026-06-16 |
| CVE-2021-22190 | A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token | 8.5 | 1.32% | 2021-04-12 | 2026-06-16 |
| CVE-2021-22205 KEV | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | 10.0 | 99.73% | 2021-04-23 | 2026-06-16 |
| CVE-2021-22213 | A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari | 8.8 | 1.67% | 2021-06-08 | 2026-06-16 |
| CVE-2021-22241 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name. | 8.7 | 0.99% | 2021-08-05 | 2026-06-16 |
| CVE-2021-22234 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server. | 9.6 | 1.00% | 2021-08-05 | 2026-06-16 |
| CVE-2021-22242 | Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | 8.7 | 63.55% | 2021-08-25 | 2026-06-16 |
| CVE-2021-39885 | A Stored XSS in merge request creation page in all versions of GitLab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names | 8.7 | 0.95% | 2021-10-04 | 2026-06-17 |