Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/tar@1.29b-1~bpo8%2B1
Typedeb
Namespacedebian
Nametar
Version1.29b-1~bpo8+1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.34+dfsg-1+deb11u1
Latest_non_vulnerable_version1.34+dfsg-1+deb11u1
Affected_by_vulnerabilities
0
url VCID-bjve-yt21-5uhe
vulnerability_id VCID-bjve-yt21-5uhe
summary A vulnerability in Tar could lead to a Denial of Service condition.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20193.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20193.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20193
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.21172
published_at 2026-04-01T12:55:00Z
1
value 0.00069
scoring_system epss
scoring_elements 0.2117
published_at 2026-04-21T12:55:00Z
2
value 0.00069
scoring_system epss
scoring_elements 0.21183
published_at 2026-04-16T12:55:00Z
3
value 0.00069
scoring_system epss
scoring_elements 0.21193
published_at 2026-04-18T12:55:00Z
4
value 0.00069
scoring_system epss
scoring_elements 0.21325
published_at 2026-04-02T12:55:00Z
5
value 0.00069
scoring_system epss
scoring_elements 0.21379
published_at 2026-04-04T12:55:00Z
6
value 0.00069
scoring_system epss
scoring_elements 0.21133
published_at 2026-04-07T12:55:00Z
7
value 0.00069
scoring_system epss
scoring_elements 0.21213
published_at 2026-04-08T12:55:00Z
8
value 0.00069
scoring_system epss
scoring_elements 0.21275
published_at 2026-04-09T12:55:00Z
9
value 0.00069
scoring_system epss
scoring_elements 0.21285
published_at 2026-04-11T12:55:00Z
10
value 0.00069
scoring_system epss
scoring_elements 0.21244
published_at 2026-04-12T12:55:00Z
11
value 0.00069
scoring_system epss
scoring_elements 0.2119
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20193
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1917565
reference_id 1917565
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1917565
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525
reference_id 980525
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525
6
reference_url https://security.archlinux.org/ASA-202102-41
reference_id ASA-202102-41
reference_type
scores
url https://security.archlinux.org/ASA-202102-41
7
reference_url https://security.archlinux.org/AVG-1462
reference_id AVG-1462
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1462
8
reference_url https://security.gentoo.org/glsa/202105-29
reference_id GLSA-202105-29
reference_type
scores
url https://security.gentoo.org/glsa/202105-29
9
reference_url https://usn.ubuntu.com/5329-1/
reference_id USN-5329-1
reference_type
scores
url https://usn.ubuntu.com/5329-1/
fixed_packages
0
url pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1
purl pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1
aliases CVE-2021-20193
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjve-yt21-5uhe
1
url VCID-hq66-w1de-eqe9
vulnerability_id VCID-hq66-w1de-eqe9
summary tar: Incorrectly handled extension attributes in PAX archives can lead to a crash
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39804.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39804.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39804
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.1048
published_at 2026-04-02T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10509
published_at 2026-04-21T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.10487
published_at 2026-04-08T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.10555
published_at 2026-04-09T12:55:00Z
4
value 0.00036
scoring_system epss
scoring_elements 0.10584
published_at 2026-04-11T12:55:00Z
5
value 0.00036
scoring_system epss
scoring_elements 0.10551
published_at 2026-04-12T12:55:00Z
6
value 0.00036
scoring_system epss
scoring_elements 0.10528
published_at 2026-04-13T12:55:00Z
7
value 0.00036
scoring_system epss
scoring_elements 0.10395
published_at 2026-04-16T12:55:00Z
8
value 0.00036
scoring_system epss
scoring_elements 0.10381
published_at 2026-04-18T12:55:00Z
9
value 0.00036
scoring_system epss
scoring_elements 0.10549
published_at 2026-04-04T12:55:00Z
10
value 0.00036
scoring_system epss
scoring_elements 0.10413
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39804
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39804
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2254067
reference_id 2254067
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2254067
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079
reference_id bugreport.cgi?bug=1058079
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079
6
reference_url https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4
reference_id ?id=a339f05cd269013fa133d2f148d73f6f7d4247e4
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/
url https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4
7
reference_url https://usn.ubuntu.com/6543-1/
reference_id USN-6543-1
reference_type
scores
url https://usn.ubuntu.com/6543-1/
8
reference_url https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723
reference_id xheader.c?h=release_1_34#n1723
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/
url https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723
fixed_packages
0
url pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1
purl pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1
aliases CVE-2023-39804
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hq66-w1de-eqe9
2
url VCID-pkfu-tkaw-m7ba
vulnerability_id VCID-pkfu-tkaw-m7ba
summary A vulnerability has been discovered in GNU Tar which may lead to an out of bounds read.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48303.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48303.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48303
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13533
published_at 2026-04-21T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.14958
published_at 2026-04-02T12:55:00Z
2
value 0.00048
scoring_system epss
scoring_elements 0.15035
published_at 2026-04-04T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.14839
published_at 2026-04-07T12:55:00Z
4
value 0.00048
scoring_system epss
scoring_elements 0.14928
published_at 2026-04-08T12:55:00Z
5
value 0.00048
scoring_system epss
scoring_elements 0.14979
published_at 2026-04-09T12:55:00Z
6
value 0.00048
scoring_system epss
scoring_elements 0.14942
published_at 2026-04-11T12:55:00Z
7
value 0.00048
scoring_system epss
scoring_elements 0.14904
published_at 2026-04-12T12:55:00Z
8
value 0.00048
scoring_system epss
scoring_elements 0.14845
published_at 2026-04-13T12:55:00Z
9
value 0.00048
scoring_system epss
scoring_elements 0.14741
published_at 2026-04-16T12:55:00Z
10
value 0.00048
scoring_system epss
scoring_elements 0.14748
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48303
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://savannah.gnu.org/patch/?10307
reference_id ?10307
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/
url https://savannah.gnu.org/patch/?10307
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2149722
reference_id 2149722
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2149722
6
reference_url https://savannah.gnu.org/bugs/?62387
reference_id ?62387
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/
url https://savannah.gnu.org/bugs/?62387
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/
reference_id CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/
8
reference_url https://security.gentoo.org/glsa/202402-12
reference_id GLSA-202402-12
reference_type
scores
url https://security.gentoo.org/glsa/202402-12
9
reference_url https://access.redhat.com/errata/RHSA-2023:0842
reference_id RHSA-2023:0842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0842
10
reference_url https://access.redhat.com/errata/RHSA-2023:0959
reference_id RHSA-2023:0959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0959
11
reference_url https://access.redhat.com/errata/RHSA-2023:5610
reference_id RHSA-2023:5610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5610
12
reference_url https://usn.ubuntu.com/5900-1/
reference_id USN-5900-1
reference_type
scores
url https://usn.ubuntu.com/5900-1/
13
reference_url https://usn.ubuntu.com/5900-2/
reference_id USN-5900-2
reference_type
scores
url https://usn.ubuntu.com/5900-2/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/
reference_id X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/
fixed_packages
0
url pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1
purl pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1
aliases CVE-2022-48303
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkfu-tkaw-m7ba
3
url VCID-rpve-2nqs-mucp
vulnerability_id VCID-rpve-2nqs-mucp
summary tar: null-pointer dereference in pax_decode_header in sparse.c
references
0
reference_url http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/
url http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9923.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9923.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-9923
reference_id
reference_type
scores
0
value 0.004
scoring_system epss
scoring_elements 0.60722
published_at 2026-04-21T12:55:00Z
1
value 0.004
scoring_system epss
scoring_elements 0.6056
published_at 2026-04-01T12:55:00Z
2
value 0.004
scoring_system epss
scoring_elements 0.60635
published_at 2026-04-02T12:55:00Z
3
value 0.004
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-12T12:55:00Z
4
value 0.004
scoring_system epss
scoring_elements 0.60689
published_at 2026-04-13T12:55:00Z
5
value 0.004
scoring_system epss
scoring_elements 0.60732
published_at 2026-04-16T12:55:00Z
6
value 0.004
scoring_system epss
scoring_elements 0.60738
published_at 2026-04-18T12:55:00Z
7
value 0.00531
scoring_system epss
scoring_elements 0.67264
published_at 2026-04-08T12:55:00Z
8
value 0.00531
scoring_system epss
scoring_elements 0.67298
published_at 2026-04-11T12:55:00Z
9
value 0.00531
scoring_system epss
scoring_elements 0.67278
published_at 2026-04-09T12:55:00Z
10
value 0.00531
scoring_system epss
scoring_elements 0.67237
published_at 2026-04-04T12:55:00Z
11
value 0.00531
scoring_system epss
scoring_elements 0.67213
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-9923
4
reference_url http://savannah.gnu.org/bugs/?55369
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/
url http://savannah.gnu.org/bugs/?55369
5
reference_url https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/
url https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1691764
reference_id 1691764
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1691764
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925286
reference_id 925286
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925286
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-9923
reference_id CVE-2019-9923
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-9923
15
reference_url https://usn.ubuntu.com/4692-1/
reference_id USN-4692-1
reference_type
scores
url https://usn.ubuntu.com/4692-1/
fixed_packages
0
url pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1
purl pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1
aliases CVE-2019-9923
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rpve-2nqs-mucp
4
url VCID-svwr-123p-skeq
vulnerability_id VCID-svwr-123p-skeq
summary A vulnerability in Tar could led to a Denial of Service condition.
references
0
reference_url http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454
reference_id
reference_type
scores
url http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454
1
reference_url http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html
reference_id
reference_type
scores
url http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20482.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20482.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20482
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05338
published_at 2026-04-01T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05546
published_at 2026-04-21T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.0543
published_at 2026-04-12T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05424
published_at 2026-04-13T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05379
published_at 2026-04-16T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05382
published_at 2026-04-18T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.0538
published_at 2026-04-02T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.0541
published_at 2026-04-04T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05416
published_at 2026-04-07T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05451
published_at 2026-04-08T12:55:00Z
10
value 0.0002
scoring_system epss
scoring_elements 0.05473
published_at 2026-04-09T12:55:00Z
11
value 0.0002
scoring_system epss
scoring_elements 0.05444
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20482
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html
8
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html
9
reference_url https://news.ycombinator.com/item?id=18745431
reference_id
reference_type
scores
url https://news.ycombinator.com/item?id=18745431
10
reference_url https://twitter.com/thatcks/status/1076166645708668928
reference_id
reference_type
scores
url https://twitter.com/thatcks/status/1076166645708668928
11
reference_url https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
reference_id
reference_type
scores
url https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
12
reference_url http://www.securityfocus.com/bid/106354
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106354
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1662346
reference_id 1662346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1662346
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917377
reference_id 917377
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917377
15
reference_url https://security.archlinux.org/ASA-201901-1
reference_id ASA-201901-1
reference_type
scores
url https://security.archlinux.org/ASA-201901-1
16
reference_url https://security.archlinux.org/AVG-841
reference_id AVG-841
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-841
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20482
reference_id CVE-2018-20482
reference_type
scores
0
value 1.9
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:N/I:N/A:P
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2018-20482
22
reference_url https://security.gentoo.org/glsa/201903-05
reference_id GLSA-201903-05
reference_type
scores
url https://security.gentoo.org/glsa/201903-05
23
reference_url https://usn.ubuntu.com/4692-1/
reference_id USN-4692-1
reference_type
scores
url https://usn.ubuntu.com/4692-1/
fixed_packages
0
url pkg:deb/debian/tar@1.30%2Bdfsg-6
purl pkg:deb/debian/tar@1.30%2Bdfsg-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bjve-yt21-5uhe
1
vulnerability VCID-hq66-w1de-eqe9
2
vulnerability VCID-pkfu-tkaw-m7ba
3
vulnerability VCID-rpve-2nqs-mucp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.30%252Bdfsg-6
aliases CVE-2018-20482
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svwr-123p-skeq
5
url VCID-vzdf-6u9d-bfax
vulnerability_id VCID-vzdf-6u9d-bfax
summary 
A path traversal attack in Tar may lead to the remote execution of
    arbitrary code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6321.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6321.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6321
reference_id
reference_type
scores
0
value 0.11143
scoring_system epss
scoring_elements 0.93506
published_at 2026-04-21T12:55:00Z
1
value 0.11143
scoring_system epss
scoring_elements 0.93448
published_at 2026-04-02T12:55:00Z
2
value 0.11143
scoring_system epss
scoring_elements 0.93456
published_at 2026-04-04T12:55:00Z
3
value 0.11143
scoring_system epss
scoring_elements 0.93457
published_at 2026-04-07T12:55:00Z
4
value 0.11143
scoring_system epss
scoring_elements 0.93465
published_at 2026-04-08T12:55:00Z
5
value 0.11143
scoring_system epss
scoring_elements 0.93468
published_at 2026-04-09T12:55:00Z
6
value 0.11143
scoring_system epss
scoring_elements 0.93474
published_at 2026-04-13T12:55:00Z
7
value 0.11143
scoring_system epss
scoring_elements 0.93473
published_at 2026-04-12T12:55:00Z
8
value 0.11143
scoring_system epss
scoring_elements 0.93493
published_at 2026-04-16T12:55:00Z
9
value 0.11143
scoring_system epss
scoring_elements 0.93499
published_at 2026-04-18T12:55:00Z
10
value 0.11143
scoring_system epss
scoring_elements 0.9344
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6321
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:N/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url http://seclists.org/fulldisclosure/2016/Oct/102
reference_id 102
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/
url http://seclists.org/fulldisclosure/2016/Oct/102
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1318562
reference_id 1318562
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1318562
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339
reference_id 842339
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339
7
reference_url http://www.securityfocus.com/bid/93937
reference_id 93937
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/
url http://www.securityfocus.com/bid/93937
8
reference_url http://seclists.org/fulldisclosure/2016/Oct/96
reference_id 96
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/
url http://seclists.org/fulldisclosure/2016/Oct/96
9
reference_url https://security.archlinux.org/ASA-201611-11
reference_id ASA-201611-11
reference_type
scores
url https://security.archlinux.org/ASA-201611-11
10
reference_url https://security.archlinux.org/AVG-64
reference_id AVG-64
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-64
11
reference_url http://www.debian.org/security/2016/dsa-3702
reference_id dsa-3702
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/
url http://www.debian.org/security/2016/dsa-3702
12
reference_url https://security.gentoo.org/glsa/201611-19
reference_id GLSA-201611-19
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/
url https://security.gentoo.org/glsa/201611-19
13
reference_url http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
reference_id GNU-tar-1.29-Extract-Pathname-Bypass.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/
url http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
14
reference_url http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
reference_id ?id=7340f67b9860ea0531c1450e5aa261c50f67165d
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/
url http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
15
reference_url http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
reference_id msg00016.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/
url http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
16
reference_url https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
reference_id tar-extract-pathname-bypass.proper.txt
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/
url https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
17
reference_url https://usn.ubuntu.com/3132-1/
reference_id USN-3132-1
reference_type
scores
url https://usn.ubuntu.com/3132-1/
18
reference_url http://www.ubuntu.com/usn/USN-3132-1
reference_id USN-3132-1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/
url http://www.ubuntu.com/usn/USN-3132-1
fixed_packages
0
url pkg:deb/debian/tar@1.29b-1.1
purl pkg:deb/debian/tar@1.29b-1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bjve-yt21-5uhe
1
vulnerability VCID-hq66-w1de-eqe9
2
vulnerability VCID-pkfu-tkaw-m7ba
3
vulnerability VCID-rpve-2nqs-mucp
4
vulnerability VCID-svwr-123p-skeq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.29b-1.1
aliases CVE-2016-6321
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzdf-6u9d-bfax
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.29b-1~bpo8%252B1