Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2020-13294 | In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. | 4.2 | 1.22% | 2020-08-10 | 2026-06-16 |
| CVE-2020-13295 | For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. | 5.4 | 1.16% | 2020-08-10 | 2026-06-16 |
| CVE-2020-13278 | Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request. | 6.1 | 1.43% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13288 | In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page | 5.5 | 4.04% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13290 | In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page | 7.5 | 1.11% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13291 | In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | 8.1 | 0.96% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13280 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | 6.5 | 1.05% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13282 | For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | 3.1 | 0.68% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13283 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. | 7.3 | 0.85% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13285 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. | 7.3 | 1.01% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13281 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature | 6.5 | 1.33% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13286 | For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. | 6.4 | 0.74% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13284 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token | 6.5 | 1.09% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13287 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues | 4.3 | 1.21% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13289 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. | 5.4 | 0.69% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13299 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. | 8.1 | 1.23% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13300 | GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | 8.0 | 1.29% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13316 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line. | 5.4 | 1.42% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13318 | A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack. | 6.4 | 0.98% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13311 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. | 4.3 | 1.50% | 2020-09-14 | 2026-06-16 |