Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1050407?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1050407?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.12%2B7-2~deb11u1", "type": "deb", "namespace": "debian", "name": "openjdk-17", "version": "17.0.12+7-2~deb11u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "17.0.18+8-1~deb12u1", "latest_non_vulnerable_version": "17.0.18+8-1~deb12u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70352?format=api", "vulnerability_id": "VCID-11vj-5zz4-6fe7", "summary": "openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30698.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30698.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69565", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69717", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69651", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69703", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69712", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69581", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.6956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69611", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69627", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.6965", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69621", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69661", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.6967", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30698" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897", "reference_id": "1103897", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898", "reference_id": "1103898", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899", "reference_id": "1103899", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900", "reference_id": "1103900", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359693", "reference_id": "2359693", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359693" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2025.html", "reference_id": "cpuapr2025.html", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:13:36Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3844", "reference_id": "RHSA-2025:3844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3845", "reference_id": "RHSA-2025:3845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3846", "reference_id": "RHSA-2025:3846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3847", "reference_id": "RHSA-2025:3847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3848", "reference_id": "RHSA-2025:3848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3849", "reference_id": "RHSA-2025:3849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3850", "reference_id": "RHSA-2025:3850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3852", "reference_id": "RHSA-2025:3852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3853", "reference_id": "RHSA-2025:3853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3854", "reference_id": "RHSA-2025:3854", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3855", "reference_id": "RHSA-2025:3855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3856", "reference_id": "RHSA-2025:3856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3857", "reference_id": "RHSA-2025:3857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7508", "reference_id": "RHSA-2025:7508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8063", "reference_id": "RHSA-2025:8063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8431", "reference_id": "RHSA-2025:8431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8431" }, { "reference_url": "https://usn.ubuntu.com/7480-1/", "reference_id": "USN-7480-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7480-1/" }, { "reference_url": "https://usn.ubuntu.com/7481-1/", "reference_id": "USN-7481-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7481-1/" }, { "reference_url": "https://usn.ubuntu.com/7482-1/", "reference_id": "USN-7482-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7482-1/" }, { "reference_url": "https://usn.ubuntu.com/7483-1/", "reference_id": "USN-7483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7483-1/" }, { "reference_url": "https://usn.ubuntu.com/7484-1/", "reference_id": "USN-7484-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7484-1/" }, { "reference_url": "https://usn.ubuntu.com/7531-1/", "reference_id": "USN-7531-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7531-1/" }, { "reference_url": "https://usn.ubuntu.com/7533-1/", "reference_id": "USN-7533-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7533-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2025-30698" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11vj-5zz4-6fe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66833?format=api", "vulnerability_id": "VCID-13t7-vubq-8kae", "summary": "openjdk: Enhance certificate handling (Oracle CPU 2025-10)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53057.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53057.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18209", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22384", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22702", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22599", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22397", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22386", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22747", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22535", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22612", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22666", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22683", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22642", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22587", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22602", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944", "reference_id": "1118944", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403082", "reference_id": "2403082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403082" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "reference_id": "cpuoct2025.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T14:46:38Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18814", "reference_id": "RHSA-2025:18814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18815", "reference_id": "RHSA-2025:18815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18816", "reference_id": "RHSA-2025:18816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18817", "reference_id": "RHSA-2025:18817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18818", "reference_id": "RHSA-2025:18818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18819", "reference_id": "RHSA-2025:18819", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18819" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18820", "reference_id": "RHSA-2025:18820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18821", "reference_id": "RHSA-2025:18821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18822", "reference_id": "RHSA-2025:18822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18823", "reference_id": "RHSA-2025:18823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18824", "reference_id": "RHSA-2025:18824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18825", "reference_id": "RHSA-2025:18825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18825" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18826", "reference_id": "RHSA-2025:18826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21485", "reference_id": "RHSA-2025:21485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22370", "reference_id": "RHSA-2025:22370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22672", "reference_id": "RHSA-2025:22672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22672" }, { "reference_url": "https://usn.ubuntu.com/7881-1/", "reference_id": "USN-7881-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7881-1/" }, { "reference_url": "https://usn.ubuntu.com/7882-1/", "reference_id": "USN-7882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7882-1/" }, { "reference_url": "https://usn.ubuntu.com/7883-1/", "reference_id": "USN-7883-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7883-1/" }, { "reference_url": "https://usn.ubuntu.com/7884-1/", "reference_id": "USN-7884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7884-1/" }, { "reference_url": "https://usn.ubuntu.com/7885-1/", "reference_id": "USN-7885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7885-1/" }, { "reference_url": "https://usn.ubuntu.com/7900-1/", "reference_id": "USN-7900-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7900-1/" }, { "reference_url": "https://usn.ubuntu.com/7901-1/", "reference_id": "USN-7901-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7901-1/" }, { "reference_url": "https://usn.ubuntu.com/7902-1/", "reference_id": "USN-7902-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7902-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2025-53057" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13t7-vubq-8kae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353818?format=api", "vulnerability_id": "VCID-1gha-995s-7qdg", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09722", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09688", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30087", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460039", "reference_id": "2460039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460039" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:11:15Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11403", "reference_id": "RHSA-2026:11403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11655", "reference_id": "RHSA-2026:11655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11822", "reference_id": "RHSA-2026:11822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11829", "reference_id": "RHSA-2026:11829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11902", "reference_id": "RHSA-2026:11902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9683", "reference_id": "RHSA-2026:9683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9686", "reference_id": "RHSA-2026:9686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9689", "reference_id": "RHSA-2026:9689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-22016" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gha-995s-7qdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64943?format=api", "vulnerability_id": "VCID-4snj-etwf-eqe8", "summary": "openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21933.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21933.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09035", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09061", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.08951", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09105", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09147", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09086", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0901", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0909", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09121", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09091", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09077", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.08972", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21933" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119", "reference_id": "1126119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429926", "reference_id": "2429926", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429926" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2026.html", "reference_id": "cpujan2026.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:56:13Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0847", "reference_id": "RHSA-2026:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0848", "reference_id": "RHSA-2026:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0895", "reference_id": "RHSA-2026:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0896", "reference_id": "RHSA-2026:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0897", "reference_id": "RHSA-2026:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0898", "reference_id": "RHSA-2026:0898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0899", "reference_id": "RHSA-2026:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0900", "reference_id": "RHSA-2026:0900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0901", "reference_id": "RHSA-2026:0901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0927", "reference_id": "RHSA-2026:0927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0928", "reference_id": "RHSA-2026:0928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0931", "reference_id": "RHSA-2026:0931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0932", "reference_id": "RHSA-2026:0932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0933", "reference_id": "RHSA-2026:0933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1606", "reference_id": "RHSA-2026:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4832", "reference_id": "RHSA-2026:4832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4832" }, { "reference_url": "https://usn.ubuntu.com/7995-1/", "reference_id": "USN-7995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7995-1/" }, { "reference_url": "https://usn.ubuntu.com/7996-1/", "reference_id": "USN-7996-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7996-1/" }, { "reference_url": "https://usn.ubuntu.com/7997-1/", "reference_id": "USN-7997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7997-1/" }, { "reference_url": "https://usn.ubuntu.com/7998-1/", "reference_id": "USN-7998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7998-1/" }, { "reference_url": "https://usn.ubuntu.com/8000-1/", "reference_id": "USN-8000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8000-1/" }, { "reference_url": "https://usn.ubuntu.com/8001-1/", "reference_id": "USN-8001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8001-1/" }, { "reference_url": "https://usn.ubuntu.com/8002-1/", "reference_id": "USN-8002-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8002-1/" }, { "reference_url": "https://usn.ubuntu.com/8003-1/", "reference_id": "USN-8003-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8003-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-21933" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4snj-etwf-eqe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353650?format=api", "vulnerability_id": "VCID-57sd-8y93-qqhu", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.121", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12067", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14332", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044", "reference_id": "2460044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:33:23Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11403", "reference_id": "RHSA-2026:11403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11655", "reference_id": "RHSA-2026:11655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11822", "reference_id": "RHSA-2026:11822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11829", "reference_id": "RHSA-2026:11829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11902", "reference_id": "RHSA-2026:11902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9686", "reference_id": "RHSA-2026:9686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9689", "reference_id": "RHSA-2026:9689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-34282" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57sd-8y93-qqhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31982?format=api", "vulnerability_id": "VCID-6196-gvhx-ruh8", "summary": "Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21235.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3838", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38417", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38441", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38305", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38355", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38363", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44063", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.43981", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.4421", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44139", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44066", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44158", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44159", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.4422", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21235" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696", "reference_id": "1085696", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318534", "reference_id": "2318534", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318534" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*" }, { "reference_url": "https://security.gentoo.org/glsa/202412-07", "reference_id": "GLSA-202412-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10926", "reference_id": "RHSA-2024:10926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8116", "reference_id": "RHSA-2024:8116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8117", "reference_id": "RHSA-2024:8117", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8117" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8118", "reference_id": "RHSA-2024:8118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8119", "reference_id": "RHSA-2024:8119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8120", "reference_id": "RHSA-2024:8120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8121", "reference_id": "RHSA-2024:8121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8122", "reference_id": "RHSA-2024:8122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8123", "reference_id": "RHSA-2024:8123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8124", "reference_id": "RHSA-2024:8124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8125", "reference_id": "RHSA-2024:8125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8126", "reference_id": "RHSA-2024:8126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8127", "reference_id": "RHSA-2024:8127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8128", "reference_id": "RHSA-2024:8128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8129", "reference_id": "RHSA-2024:8129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8129" }, { "reference_url": "https://usn.ubuntu.com/7096-1/", "reference_id": "USN-7096-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7096-1/" }, { "reference_url": "https://usn.ubuntu.com/7097-1/", "reference_id": "USN-7097-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7097-1/" }, { "reference_url": "https://usn.ubuntu.com/7098-1/", "reference_id": "USN-7098-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7098-1/" }, { "reference_url": "https://usn.ubuntu.com/7099-1/", "reference_id": "USN-7099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7099-1/" }, { "reference_url": "https://usn.ubuntu.com/7124-1/", "reference_id": "USN-7124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7124-1/" }, { "reference_url": "https://usn.ubuntu.com/7338-1/", "reference_id": "USN-7338-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7338-1/" }, { "reference_url": "https://usn.ubuntu.com/7339-1/", "reference_id": "USN-7339-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7339-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2024-21235" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6196-gvhx-ruh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353834?format=api", "vulnerability_id": "VCID-6r1k-8y1c-q7fm", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01704", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01698", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05765", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460038", "reference_id": "2460038", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460038" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11403", "reference_id": "RHSA-2026:11403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11655", "reference_id": "RHSA-2026:11655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11822", "reference_id": "RHSA-2026:11822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11829", "reference_id": "RHSA-2026:11829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11902", "reference_id": "RHSA-2026:11902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9683", "reference_id": "RHSA-2026:9683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9686", "reference_id": "RHSA-2026:9686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9689", "reference_id": "RHSA-2026:9689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-22007" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6r1k-8y1c-q7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31980?format=api", "vulnerability_id": "VCID-9n5v-4daz-eyc2", "summary": "Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26428", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26551", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26493", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26487", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26767", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26807", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26591", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26658", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26708", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26713", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26668", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26611", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26618", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26589", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696", "reference_id": "1085696", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318530", "reference_id": "2318530", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318530" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*" }, { "reference_url": "https://security.gentoo.org/glsa/202412-07", "reference_id": "GLSA-202412-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10926", "reference_id": "RHSA-2024:10926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8116", "reference_id": "RHSA-2024:8116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8117", "reference_id": "RHSA-2024:8117", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8117" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8118", "reference_id": "RHSA-2024:8118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8119", "reference_id": "RHSA-2024:8119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8120", "reference_id": "RHSA-2024:8120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8121", "reference_id": "RHSA-2024:8121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8122", "reference_id": "RHSA-2024:8122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8123", "reference_id": "RHSA-2024:8123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8124", "reference_id": "RHSA-2024:8124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8125", "reference_id": "RHSA-2024:8125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8126", "reference_id": "RHSA-2024:8126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8127", "reference_id": "RHSA-2024:8127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8128", "reference_id": "RHSA-2024:8128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8129", "reference_id": "RHSA-2024:8129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8129" }, { "reference_url": "https://usn.ubuntu.com/7096-1/", "reference_id": "USN-7096-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7096-1/" }, { "reference_url": "https://usn.ubuntu.com/7097-1/", "reference_id": "USN-7097-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7097-1/" }, { "reference_url": "https://usn.ubuntu.com/7098-1/", "reference_id": "USN-7098-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7098-1/" }, { "reference_url": "https://usn.ubuntu.com/7099-1/", "reference_id": "USN-7099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7099-1/" }, { "reference_url": "https://usn.ubuntu.com/7124-1/", "reference_id": "USN-7124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7124-1/" }, { "reference_url": "https://usn.ubuntu.com/7338-1/", "reference_id": "USN-7338-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7338-1/" }, { "reference_url": "https://usn.ubuntu.com/7339-1/", "reference_id": "USN-7339-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7339-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2024-21217" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9n5v-4daz-eyc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64944?format=api", "vulnerability_id": "VCID-apsn-z1br-3bdy", "summary": "openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21945.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21945.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16874", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16569", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16709", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16615", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16604", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1693", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16714", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16799", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16854", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16832", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16786", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16728", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16664", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16672", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21945" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119", "reference_id": "1126119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429927", "reference_id": "2429927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429927" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2026.html", "reference_id": "cpujan2026.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:04:39Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0847", "reference_id": "RHSA-2026:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0848", "reference_id": "RHSA-2026:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0895", "reference_id": "RHSA-2026:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0896", "reference_id": "RHSA-2026:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0897", "reference_id": "RHSA-2026:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0898", "reference_id": "RHSA-2026:0898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0899", "reference_id": "RHSA-2026:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0900", "reference_id": "RHSA-2026:0900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0901", "reference_id": "RHSA-2026:0901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0927", "reference_id": "RHSA-2026:0927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0928", "reference_id": "RHSA-2026:0928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0931", "reference_id": "RHSA-2026:0931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0932", "reference_id": "RHSA-2026:0932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0933", "reference_id": "RHSA-2026:0933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1606", "reference_id": "RHSA-2026:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4832", "reference_id": "RHSA-2026:4832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4832" }, { "reference_url": "https://usn.ubuntu.com/7995-1/", "reference_id": "USN-7995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7995-1/" }, { "reference_url": "https://usn.ubuntu.com/7996-1/", "reference_id": "USN-7996-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7996-1/" }, { "reference_url": "https://usn.ubuntu.com/7997-1/", "reference_id": "USN-7997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7997-1/" }, { "reference_url": "https://usn.ubuntu.com/7998-1/", "reference_id": "USN-7998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7998-1/" }, { "reference_url": "https://usn.ubuntu.com/8000-1/", "reference_id": "USN-8000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8000-1/" }, { "reference_url": "https://usn.ubuntu.com/8001-1/", "reference_id": "USN-8001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8001-1/" }, { "reference_url": "https://usn.ubuntu.com/8002-1/", "reference_id": "USN-8002-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8002-1/" }, { "reference_url": "https://usn.ubuntu.com/8003-1/", "reference_id": "USN-8003-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8003-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-21945" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apsn-z1br-3bdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68623?format=api", "vulnerability_id": "VCID-b32x-4pu4-jkh4", "summary": "openjdk: Better Glyph drawing (Oracle CPU 2025-07)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30749.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66247", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.6625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66294", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66307", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66277", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66893", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71451", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71407", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71439", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71446", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71388", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71372", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71355", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71401", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30749" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376783", "reference_id": "2376783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376783" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2025.html", "reference_id": "cpujul2025.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-15T20:23:21Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10861", "reference_id": "RHSA-2025:10861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10862", "reference_id": "RHSA-2025:10862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10863", "reference_id": "RHSA-2025:10863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10864", "reference_id": "RHSA-2025:10864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10865", "reference_id": "RHSA-2025:10865", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10866", "reference_id": "RHSA-2025:10866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10867", "reference_id": "RHSA-2025:10867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10868", "reference_id": "RHSA-2025:10868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10869", "reference_id": "RHSA-2025:10869", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10870", "reference_id": "RHSA-2025:10870", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10870" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10873", "reference_id": "RHSA-2025:10873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10874", "reference_id": "RHSA-2025:10874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10875", "reference_id": "RHSA-2025:10875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13656", "reference_id": "RHSA-2025:13656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13675", "reference_id": "RHSA-2025:13675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7667-1/", "reference_id": "USN-7667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7667-1/" }, { "reference_url": "https://usn.ubuntu.com/7668-1/", "reference_id": "USN-7668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7668-1/" }, { "reference_url": "https://usn.ubuntu.com/7669-1/", "reference_id": "USN-7669-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7669-1/" }, { "reference_url": "https://usn.ubuntu.com/7672-1/", "reference_id": "USN-7672-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7672-1/" }, { "reference_url": "https://usn.ubuntu.com/7673-1/", "reference_id": "USN-7673-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7673-1/" }, { "reference_url": "https://usn.ubuntu.com/7674-1/", "reference_id": "USN-7674-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7674-1/" }, { "reference_url": "https://usn.ubuntu.com/7690-1/", "reference_id": "USN-7690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2025-30749" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b32x-4pu4-jkh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64942?format=api", "vulnerability_id": "VCID-duy9-6f1p-vqah", "summary": "openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09259", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09323", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09355", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09406", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09361", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0931", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09227", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09302", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09356", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09328", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09314", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09205", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09204", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21932" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119", "reference_id": "1126119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429925", "reference_id": "2429925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429925" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2026.html", "reference_id": "cpujan2026.html", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:55:36Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0896", "reference_id": "RHSA-2026:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0898", "reference_id": "RHSA-2026:0898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0900", "reference_id": "RHSA-2026:0900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1606", "reference_id": "RHSA-2026:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1606" }, { "reference_url": "https://usn.ubuntu.com/7995-1/", "reference_id": "USN-7995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7995-1/" }, { "reference_url": "https://usn.ubuntu.com/7996-1/", "reference_id": "USN-7996-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7996-1/" }, { "reference_url": "https://usn.ubuntu.com/7997-1/", "reference_id": "USN-7997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7997-1/" }, { "reference_url": "https://usn.ubuntu.com/7998-1/", "reference_id": "USN-7998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7998-1/" }, { "reference_url": "https://usn.ubuntu.com/8000-1/", "reference_id": "USN-8000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8000-1/" }, { "reference_url": "https://usn.ubuntu.com/8001-1/", "reference_id": "USN-8001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8001-1/" }, { "reference_url": "https://usn.ubuntu.com/8002-1/", "reference_id": "USN-8002-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8002-1/" }, { "reference_url": "https://usn.ubuntu.com/8003-1/", "reference_id": "USN-8003-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8003-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-21932" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-duy9-6f1p-vqah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68625?format=api", "vulnerability_id": "VCID-e6dm-6767-9kdk", "summary": "openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50059.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-50059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32136", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32274", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32212", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32185", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32311", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32233", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32589", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32433", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32317", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32669", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32631", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32603", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32641", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32619", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-50059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50059" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376785", "reference_id": "2376785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376785" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2025.html", "reference_id": "cpujul2025.html", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-16T14:42:42Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10865", "reference_id": "RHSA-2025:10865", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10866", "reference_id": "RHSA-2025:10866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10867", "reference_id": "RHSA-2025:10867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10868", "reference_id": "RHSA-2025:10868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10869", "reference_id": "RHSA-2025:10869", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10870", "reference_id": "RHSA-2025:10870", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10870" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10873", "reference_id": "RHSA-2025:10873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10874", "reference_id": "RHSA-2025:10874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10875", "reference_id": "RHSA-2025:10875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13656", "reference_id": "RHSA-2025:13656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7668-1/", "reference_id": "USN-7668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7668-1/" }, { "reference_url": "https://usn.ubuntu.com/7669-1/", "reference_id": "USN-7669-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7669-1/" }, { "reference_url": "https://usn.ubuntu.com/7672-1/", "reference_id": "USN-7672-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7672-1/" }, { "reference_url": "https://usn.ubuntu.com/7673-1/", "reference_id": "USN-7673-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7673-1/" }, { "reference_url": "https://usn.ubuntu.com/7674-1/", "reference_id": "USN-7674-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7674-1/" }, { "reference_url": "https://usn.ubuntu.com/7690-1/", "reference_id": "USN-7690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2025-50059" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6dm-6767-9kdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353681?format=api", "vulnerability_id": "VCID-jxgd-j4wr-tyb7", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34268", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01704", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01698", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05765", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34268" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460043", "reference_id": "2460043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460043" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:55:07Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11403", "reference_id": "RHSA-2026:11403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11655", "reference_id": "RHSA-2026:11655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11822", "reference_id": "RHSA-2026:11822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11829", "reference_id": "RHSA-2026:11829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11902", "reference_id": "RHSA-2026:11902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9683", "reference_id": "RHSA-2026:9683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9686", "reference_id": "RHSA-2026:9686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9689", "reference_id": "RHSA-2026:9689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-34268" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jxgd-j4wr-tyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64941?format=api", "vulnerability_id": "VCID-mt9c-tby1-wqe9", "summary": "openjdk: Improve JMX connections (Oracle CPU 2026-01)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21925.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21925.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10163", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10114", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10215", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10194", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10172", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10229", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10125", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.102", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1026", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10292", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10232", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10104", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10082", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21925" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119", "reference_id": "1126119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429924", "reference_id": "2429924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429924" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2026.html", "reference_id": "cpujan2026.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:50:27Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0847", "reference_id": "RHSA-2026:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0848", "reference_id": "RHSA-2026:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0895", "reference_id": "RHSA-2026:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0896", "reference_id": "RHSA-2026:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0897", "reference_id": "RHSA-2026:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0898", "reference_id": "RHSA-2026:0898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0899", "reference_id": "RHSA-2026:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0900", "reference_id": "RHSA-2026:0900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0901", "reference_id": "RHSA-2026:0901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0927", "reference_id": "RHSA-2026:0927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0928", "reference_id": "RHSA-2026:0928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0931", "reference_id": "RHSA-2026:0931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0932", "reference_id": "RHSA-2026:0932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0933", "reference_id": "RHSA-2026:0933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1606", "reference_id": "RHSA-2026:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4832", "reference_id": "RHSA-2026:4832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4832" }, { "reference_url": "https://usn.ubuntu.com/7995-1/", "reference_id": "USN-7995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7995-1/" }, { "reference_url": "https://usn.ubuntu.com/7996-1/", "reference_id": "USN-7996-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7996-1/" }, { "reference_url": "https://usn.ubuntu.com/7997-1/", "reference_id": "USN-7997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7997-1/" }, { "reference_url": "https://usn.ubuntu.com/7998-1/", "reference_id": "USN-7998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7998-1/" }, { "reference_url": "https://usn.ubuntu.com/8000-1/", "reference_id": "USN-8000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8000-1/" }, { "reference_url": "https://usn.ubuntu.com/8001-1/", "reference_id": "USN-8001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8001-1/" }, { "reference_url": "https://usn.ubuntu.com/8002-1/", "reference_id": "USN-8002-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8002-1/" }, { "reference_url": "https://usn.ubuntu.com/8003-1/", "reference_id": "USN-8003-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8003-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-21925" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt9c-tby1-wqe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71990?format=api", "vulnerability_id": "VCID-ntga-y6cv-a3df", "summary": "openjdk: Enhance array handling (Oracle CPU 2025-01)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21502.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-21502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42064", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41858", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42008", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41948", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41942", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42092", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42029", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42081", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42094", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42116", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42079", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42054", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42104", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42078", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-21502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21502" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338992", "reference_id": "2338992", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338992" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:*" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2025.html", "reference_id": "cpujan2025.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T16:29:12Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0421", "reference_id": "RHSA-2025:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0422", "reference_id": "RHSA-2025:0422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0423", "reference_id": "RHSA-2025:0423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0424", "reference_id": "RHSA-2025:0424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0425", "reference_id": "RHSA-2025:0425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0426", "reference_id": "RHSA-2025:0426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0427", "reference_id": "RHSA-2025:0427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0428", "reference_id": "RHSA-2025:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0429", "reference_id": "RHSA-2025:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1154", "reference_id": "RHSA-2025:1154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2615", "reference_id": "RHSA-2025:2615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2615" }, { "reference_url": "https://usn.ubuntu.com/7252-1/", "reference_id": "USN-7252-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7252-1/" }, { "reference_url": "https://usn.ubuntu.com/7253-1/", "reference_id": "USN-7253-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7253-1/" }, { "reference_url": "https://usn.ubuntu.com/7254-1/", "reference_id": "USN-7254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7254-1/" }, { "reference_url": "https://usn.ubuntu.com/7255-1/", "reference_id": "USN-7255-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7255-1/" }, { "reference_url": "https://usn.ubuntu.com/7338-1/", "reference_id": "USN-7338-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7338-1/" }, { "reference_url": "https://usn.ubuntu.com/7339-1/", "reference_id": "USN-7339-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7339-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2025-21502" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ntga-y6cv-a3df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66831?format=api", "vulnerability_id": "VCID-nxx8-nehy-qyhg", "summary": "openjdk: Enhance Path Factories (Oracle CPU 2025-10)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53066.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17286", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.16946", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17113", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17019", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17002", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17335", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17115", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17207", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17241", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17193", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17132", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17073", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17078", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944", "reference_id": "1118944", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403063", "reference_id": "2403063", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403063" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "reference_id": "cpuoct2025.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T19:44:34Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18814", "reference_id": "RHSA-2025:18814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18815", "reference_id": "RHSA-2025:18815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18816", "reference_id": "RHSA-2025:18816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18817", "reference_id": "RHSA-2025:18817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18818", "reference_id": "RHSA-2025:18818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18819", "reference_id": "RHSA-2025:18819", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18819" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18820", "reference_id": "RHSA-2025:18820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18821", "reference_id": "RHSA-2025:18821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18822", "reference_id": "RHSA-2025:18822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18823", "reference_id": "RHSA-2025:18823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18824", "reference_id": "RHSA-2025:18824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18825", "reference_id": "RHSA-2025:18825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18825" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18826", "reference_id": "RHSA-2025:18826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21485", "reference_id": "RHSA-2025:21485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22370", "reference_id": "RHSA-2025:22370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22672", "reference_id": "RHSA-2025:22672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22672" }, { "reference_url": "https://usn.ubuntu.com/7881-1/", "reference_id": "USN-7881-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7881-1/" }, { "reference_url": "https://usn.ubuntu.com/7882-1/", "reference_id": "USN-7882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7882-1/" }, { "reference_url": "https://usn.ubuntu.com/7883-1/", "reference_id": "USN-7883-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7883-1/" }, { "reference_url": "https://usn.ubuntu.com/7884-1/", "reference_id": "USN-7884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7884-1/" }, { "reference_url": "https://usn.ubuntu.com/7885-1/", "reference_id": "USN-7885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7885-1/" }, { "reference_url": "https://usn.ubuntu.com/7900-1/", "reference_id": "USN-7900-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7900-1/" }, { "reference_url": "https://usn.ubuntu.com/7901-1/", "reference_id": "USN-7901-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7901-1/" }, { "reference_url": "https://usn.ubuntu.com/7902-1/", "reference_id": "USN-7902-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7902-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2025-53066" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxx8-nehy-qyhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68624?format=api", "vulnerability_id": "VCID-p9na-7jta-9yg4", "summary": "openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30754.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25474", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3003", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29952", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29988", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30077", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29891", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30002", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30304", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30194", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30078", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30396", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30352", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30305", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30321", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30754" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376784", "reference_id": "2376784", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376784" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2025.html", "reference_id": "cpujul2025.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-16T15:31:20Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10861", "reference_id": "RHSA-2025:10861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10862", "reference_id": "RHSA-2025:10862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10863", "reference_id": "RHSA-2025:10863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10864", "reference_id": "RHSA-2025:10864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10865", "reference_id": "RHSA-2025:10865", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10866", "reference_id": "RHSA-2025:10866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10867", "reference_id": "RHSA-2025:10867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10868", "reference_id": "RHSA-2025:10868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10869", "reference_id": "RHSA-2025:10869", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10870", "reference_id": "RHSA-2025:10870", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10870" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10873", "reference_id": "RHSA-2025:10873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10874", "reference_id": "RHSA-2025:10874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10875", "reference_id": "RHSA-2025:10875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13656", "reference_id": "RHSA-2025:13656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13675", "reference_id": "RHSA-2025:13675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13675" }, { "reference_url": "https://usn.ubuntu.com/7667-1/", "reference_id": "USN-7667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7667-1/" }, { "reference_url": "https://usn.ubuntu.com/7668-1/", "reference_id": "USN-7668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7668-1/" }, { "reference_url": "https://usn.ubuntu.com/7669-1/", "reference_id": "USN-7669-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7669-1/" }, { "reference_url": "https://usn.ubuntu.com/7672-1/", "reference_id": "USN-7672-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7672-1/" }, { "reference_url": "https://usn.ubuntu.com/7673-1/", "reference_id": "USN-7673-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7673-1/" }, { "reference_url": "https://usn.ubuntu.com/7674-1/", "reference_id": "USN-7674-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7674-1/" }, { "reference_url": "https://usn.ubuntu.com/7690-1/", "reference_id": "USN-7690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2025-30754" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9na-7jta-9yg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353829?format=api", "vulnerability_id": "VCID-sz6r-65q1-q3bh", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11666", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11627", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14332", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460042", "reference_id": "2460042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460042" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:58:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11403", "reference_id": "RHSA-2026:11403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11655", "reference_id": "RHSA-2026:11655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11822", "reference_id": "RHSA-2026:11822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11829", "reference_id": "RHSA-2026:11829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11902", "reference_id": "RHSA-2026:11902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9683", "reference_id": "RHSA-2026:9683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9686", "reference_id": "RHSA-2026:9686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9689", "reference_id": "RHSA-2026:9689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-22021" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6r-65q1-q3bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70363?format=api", "vulnerability_id": "VCID-u81s-cs95-4yhx", "summary": "openjdk: Better TLS connection support (Oracle CPU 2025-04)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21587.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21587.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-21587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68837", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68776", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68825", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.6883", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68718", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68696", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68748", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68767", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68789", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68775", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68746", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68788", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.68798", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-21587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21587" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897", "reference_id": "1103897", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898", "reference_id": "1103898", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899", "reference_id": "1103899", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900", "reference_id": "1103900", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359695", "reference_id": "2359695", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359695" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2025.html", "reference_id": "cpuapr2025.html", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-17T03:55:41Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3844", "reference_id": "RHSA-2025:3844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3845", "reference_id": "RHSA-2025:3845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3846", "reference_id": "RHSA-2025:3846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3847", "reference_id": "RHSA-2025:3847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3848", "reference_id": "RHSA-2025:3848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3849", "reference_id": "RHSA-2025:3849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3850", "reference_id": "RHSA-2025:3850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3852", "reference_id": "RHSA-2025:3852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3853", "reference_id": "RHSA-2025:3853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3854", "reference_id": "RHSA-2025:3854", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3855", "reference_id": "RHSA-2025:3855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3856", "reference_id": "RHSA-2025:3856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3857", "reference_id": "RHSA-2025:3857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7508", "reference_id": "RHSA-2025:7508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8063", "reference_id": "RHSA-2025:8063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8431", "reference_id": "RHSA-2025:8431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8431" }, { "reference_url": "https://usn.ubuntu.com/7480-1/", "reference_id": "USN-7480-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7480-1/" }, { "reference_url": "https://usn.ubuntu.com/7481-1/", "reference_id": "USN-7481-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7481-1/" }, { "reference_url": "https://usn.ubuntu.com/7482-1/", "reference_id": "USN-7482-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7482-1/" }, { "reference_url": "https://usn.ubuntu.com/7483-1/", "reference_id": "USN-7483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7483-1/" }, { "reference_url": "https://usn.ubuntu.com/7484-1/", "reference_id": "USN-7484-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7484-1/" }, { "reference_url": "https://usn.ubuntu.com/7531-1/", "reference_id": "USN-7531-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7531-1/" }, { "reference_url": "https://usn.ubuntu.com/7533-1/", "reference_id": "USN-7533-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7533-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2025-21587" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u81s-cs95-4yhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68627?format=api", "vulnerability_id": "VCID-vbw8-4j9f-eya5", "summary": "openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50106.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50106.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-50106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42096", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46091", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46089", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46088", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49213", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49288", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49246", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49255", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49267", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.4924", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49245", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49292", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-50106" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50106", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50106" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379031", "reference_id": "2379031", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379031" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2025.html", "reference_id": "cpujul2025.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-15T20:22:48Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10861", "reference_id": "RHSA-2025:10861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10862", "reference_id": "RHSA-2025:10862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10863", "reference_id": "RHSA-2025:10863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10864", "reference_id": "RHSA-2025:10864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10865", "reference_id": "RHSA-2025:10865", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10866", "reference_id": "RHSA-2025:10866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10867", "reference_id": "RHSA-2025:10867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10868", "reference_id": "RHSA-2025:10868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10869", "reference_id": "RHSA-2025:10869", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10870", "reference_id": "RHSA-2025:10870", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10870" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10873", "reference_id": "RHSA-2025:10873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10874", "reference_id": "RHSA-2025:10874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10875", "reference_id": "RHSA-2025:10875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13656", "reference_id": "RHSA-2025:13656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13675", "reference_id": "RHSA-2025:13675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7667-1/", "reference_id": "USN-7667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7667-1/" }, { "reference_url": "https://usn.ubuntu.com/7668-1/", "reference_id": "USN-7668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7668-1/" }, { "reference_url": "https://usn.ubuntu.com/7669-1/", "reference_id": "USN-7669-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7669-1/" }, { "reference_url": "https://usn.ubuntu.com/7672-1/", "reference_id": "USN-7672-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7672-1/" }, { "reference_url": "https://usn.ubuntu.com/7673-1/", "reference_id": "USN-7673-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7673-1/" }, { "reference_url": "https://usn.ubuntu.com/7674-1/", "reference_id": "USN-7674-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7674-1/" }, { "reference_url": "https://usn.ubuntu.com/7690-1/", "reference_id": "USN-7690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2025-50106" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbw8-4j9f-eya5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31978?format=api", "vulnerability_id": "VCID-vpnc-yu7r-bqb6", "summary": "Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21208.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21208.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16849", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17012", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16915", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16899", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1719", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17241", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17111", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17169", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17144", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17096", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17036", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16971", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16975", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21208", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21208" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696", "reference_id": "1085696", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318526", "reference_id": "2318526", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318526" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*" }, { "reference_url": "https://security.gentoo.org/glsa/202412-07", "reference_id": "GLSA-202412-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10926", "reference_id": "RHSA-2024:10926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8116", "reference_id": "RHSA-2024:8116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8117", "reference_id": "RHSA-2024:8117", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8117" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8118", "reference_id": "RHSA-2024:8118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8119", "reference_id": "RHSA-2024:8119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8120", "reference_id": "RHSA-2024:8120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8121", "reference_id": "RHSA-2024:8121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8122", "reference_id": "RHSA-2024:8122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8123", "reference_id": "RHSA-2024:8123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8124", "reference_id": "RHSA-2024:8124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8125", "reference_id": "RHSA-2024:8125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8126", "reference_id": "RHSA-2024:8126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8127", "reference_id": "RHSA-2024:8127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8128", "reference_id": "RHSA-2024:8128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8129", "reference_id": "RHSA-2024:8129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8129" }, { "reference_url": "https://usn.ubuntu.com/7096-1/", "reference_id": "USN-7096-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7096-1/" }, { "reference_url": "https://usn.ubuntu.com/7097-1/", "reference_id": "USN-7097-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7097-1/" }, { "reference_url": "https://usn.ubuntu.com/7098-1/", "reference_id": "USN-7098-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7098-1/" }, { "reference_url": "https://usn.ubuntu.com/7099-1/", "reference_id": "USN-7099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7099-1/" }, { "reference_url": "https://usn.ubuntu.com/7124-1/", "reference_id": "USN-7124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7124-1/" }, { "reference_url": "https://usn.ubuntu.com/7338-1/", "reference_id": "USN-7338-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7338-1/" }, { "reference_url": "https://usn.ubuntu.com/7339-1/", "reference_id": "USN-7339-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7339-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2024-21208" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpnc-yu7r-bqb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353832?format=api", "vulnerability_id": "VCID-xte1-h9nn-4bbk", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11666", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11627", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14332", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460041", "reference_id": "2460041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460041" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:52Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11403", "reference_id": "RHSA-2026:11403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11655", "reference_id": "RHSA-2026:11655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11822", "reference_id": "RHSA-2026:11822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11829", "reference_id": "RHSA-2026:11829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11902", "reference_id": "RHSA-2026:11902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9683", "reference_id": "RHSA-2026:9683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9686", "reference_id": "RHSA-2026:9686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9689", "reference_id": "RHSA-2026:9689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-22018" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xte1-h9nn-4bbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70362?format=api", "vulnerability_id": "VCID-y8bc-k5qu-c7f5", "summary": "openjdk: Improve compiler transformations (Oracle CPU 2025-04)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58784", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.5881", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58846", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58811", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58826", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58827", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58833", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58851", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58814", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30691" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897", "reference_id": "1103897", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898", "reference_id": "1103898", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899", "reference_id": "1103899", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900", "reference_id": "1103900", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359694", "reference_id": "2359694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359694" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2025.html", "reference_id": "cpuapr2025.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:24:18Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3844", "reference_id": "RHSA-2025:3844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3845", "reference_id": "RHSA-2025:3845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3846", "reference_id": "RHSA-2025:3846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3847", "reference_id": "RHSA-2025:3847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3848", "reference_id": "RHSA-2025:3848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3849", "reference_id": "RHSA-2025:3849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3850", "reference_id": "RHSA-2025:3850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3852", "reference_id": "RHSA-2025:3852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3853", "reference_id": "RHSA-2025:3853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3854", "reference_id": "RHSA-2025:3854", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3855", "reference_id": "RHSA-2025:3855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3856", "reference_id": "RHSA-2025:3856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3857", "reference_id": "RHSA-2025:3857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7508", "reference_id": "RHSA-2025:7508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7508" }, { "reference_url": "https://usn.ubuntu.com/7480-1/", "reference_id": "USN-7480-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7480-1/" }, { "reference_url": "https://usn.ubuntu.com/7481-1/", "reference_id": "USN-7481-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7481-1/" }, { "reference_url": "https://usn.ubuntu.com/7482-1/", "reference_id": "USN-7482-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7482-1/" }, { "reference_url": "https://usn.ubuntu.com/7483-1/", "reference_id": "USN-7483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7483-1/" }, { "reference_url": "https://usn.ubuntu.com/7484-1/", "reference_id": "USN-7484-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7484-1/" }, { "reference_url": "https://usn.ubuntu.com/7531-1/", "reference_id": "USN-7531-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7531-1/" }, { "reference_url": "https://usn.ubuntu.com/7533-1/", "reference_id": "USN-7533-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7533-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2025-30691" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y8bc-k5qu-c7f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31979?format=api", "vulnerability_id": "VCID-z356-tw9t-q7bp", "summary": "Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21210.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34291", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34631", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34394", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34375", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34732", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34758", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34636", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34679", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34708", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34711", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34672", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34685", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34671", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21210" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696", "reference_id": "1085696", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318524", "reference_id": "2318524", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318524" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*" }, { "reference_url": "https://security.gentoo.org/glsa/202412-07", "reference_id": "GLSA-202412-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10926", "reference_id": "RHSA-2024:10926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8116", "reference_id": "RHSA-2024:8116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8117", "reference_id": "RHSA-2024:8117", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8117" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8118", "reference_id": "RHSA-2024:8118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8119", "reference_id": "RHSA-2024:8119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8120", "reference_id": "RHSA-2024:8120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8121", "reference_id": "RHSA-2024:8121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8122", "reference_id": "RHSA-2024:8122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8123", "reference_id": "RHSA-2024:8123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8124", "reference_id": "RHSA-2024:8124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8125", "reference_id": "RHSA-2024:8125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8126", "reference_id": "RHSA-2024:8126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8127", "reference_id": "RHSA-2024:8127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8128", "reference_id": "RHSA-2024:8128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8129", "reference_id": "RHSA-2024:8129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8129" }, { "reference_url": "https://usn.ubuntu.com/7096-1/", "reference_id": "USN-7096-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7096-1/" }, { "reference_url": "https://usn.ubuntu.com/7097-1/", "reference_id": "USN-7097-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7097-1/" }, { "reference_url": "https://usn.ubuntu.com/7098-1/", "reference_id": "USN-7098-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7098-1/" }, { "reference_url": "https://usn.ubuntu.com/7099-1/", "reference_id": "USN-7099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7099-1/" }, { "reference_url": "https://usn.ubuntu.com/7124-1/", "reference_id": "USN-7124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7124-1/" }, { "reference_url": "https://usn.ubuntu.com/7338-1/", "reference_id": "USN-7338-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7338-1/" }, { "reference_url": "https://usn.ubuntu.com/7339-1/", "reference_id": "USN-7339-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7339-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" } ], "aliases": [ "CVE-2024-21210" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z356-tw9t-q7bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353820?format=api", "vulnerability_id": "VCID-zsun-4q6p-8fek", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12118", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12084", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16002", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460040", "reference_id": "2460040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460040" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:09:34Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11403", "reference_id": "RHSA-2026:11403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11655", "reference_id": "RHSA-2026:11655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11822", "reference_id": "RHSA-2026:11822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11829", "reference_id": "RHSA-2026:11829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11902", "reference_id": "RHSA-2026:11902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9683", "reference_id": "RHSA-2026:9683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9686", "reference_id": "RHSA-2026:9686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9689", "reference_id": "RHSA-2026:9689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050408?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-4snj-etwf-eqe8" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-apsn-z1br-3bdy" }, { "vulnerability": "VCID-duy9-6f1p-vqah" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-mt9c-tby1-wqe9" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050409?format=api", "purl": "pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1" } ], "aliases": [ "CVE-2026-22013" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zsun-4q6p-8fek" } ], "fixing_vulnerabilities": [], "risk_score": "3.9", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.12%252B7-2~deb11u1" }