Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1055828?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1055828?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "type": "deb", "namespace": "debian", "name": "openssh", "version": "1:9.2p1-2+deb12u7", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:9.2p1-2+deb12u9", "latest_non_vulnerable_version": "1:10.3p1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349222?format=api", "vulnerability_id": "VCID-792n-jkzj-qqhd", "summary": "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1055", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10687", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11582", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11716", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11771", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11782", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11743", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11718", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1158", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35385" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132572", "reference_id": "1132572", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132572" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454469", "reference_id": "2454469", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454469" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/02/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2", "reference_id": "?l=openssh-unix-dev&m=177513443901484&w=2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2" }, { "reference_url": "https://www.openssh.org/releasenotes.html#10.3p1", "reference_id": "releasenotes.html#10.3p1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/" } ], "url": "https://www.openssh.org/releasenotes.html#10.3p1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068121?format=api", "purl": "pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055831?format=api", "purl": "pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062956?format=api", "purl": "pkg:deb/debian/openssh@1:10.3p1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1" } ], "aliases": [ "CVE-2026-35385" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-792n-jkzj-qqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349220?format=api", "vulnerability_id": "VCID-8efr-budq-6bb6", "summary": "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35414.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35414.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03583", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03573", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04506", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04491", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05159", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0524", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05224", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05211", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05157", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35414" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132576", "reference_id": "1132576", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132576" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454490", "reference_id": "2454490", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454490" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/02/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2", "reference_id": "?l=openssh-unix-dev&m=177513443901484&w=2", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2" }, { "reference_url": "https://www.openssh.org/releasenotes.html#10.3p1", "reference_id": "releasenotes.html#10.3p1", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/" } ], "url": "https://www.openssh.org/releasenotes.html#10.3p1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068121?format=api", "purl": "pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055831?format=api", "purl": "pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062956?format=api", "purl": "pkg:deb/debian/openssh@1:10.3p1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1" } ], "aliases": [ "CVE-2026-35414" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8efr-budq-6bb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349224?format=api", "vulnerability_id": "VCID-a4eq-r71a-buhm", "summary": "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35386.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35386.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35386", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00508", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0051", "published_at": "2026-04-04T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00661", "published_at": "2026-04-18T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00678", "published_at": "2026-04-08T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0067", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00663", "published_at": "2026-04-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00664", "published_at": "2026-04-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00656", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35386" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132573", "reference_id": "1132573", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132573" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454506", "reference_id": "2454506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454506" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/02/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2", "reference_id": "?l=openssh-unix-dev&m=177513443901484&w=2", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2" }, { "reference_url": "https://www.openssh.org/releasenotes.html#10.3p1", "reference_id": "releasenotes.html#10.3p1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/" } ], "url": "https://www.openssh.org/releasenotes.html#10.3p1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068121?format=api", "purl": "pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055831?format=api", "purl": "pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062956?format=api", "purl": "pkg:deb/debian/openssh@1:10.3p1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1" } ], "aliases": [ "CVE-2026-35386" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4eq-r71a-buhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67063?format=api", "vulnerability_id": "VCID-a7m6-uqbt-nqd9", "summary": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03634", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03694", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0371", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03732", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03671", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03644", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03622", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2025/10/06/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530", "reference_id": "1117530", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962", "reference_id": "2401962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2", "reference_id": "?l=openssh-unix-dev&m=175974522032149&w=2", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2" }, { "reference_url": "https://www.openssh.com/releasenotes.html#10.1p1", "reference_id": "releasenotes.html#10.1p1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/" } ], "url": "https://www.openssh.com/releasenotes.html#10.1p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23479", "reference_id": "RHSA-2025:23479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23480", "reference_id": "RHSA-2025:23480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23481", "reference_id": "RHSA-2025:23481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0693", "reference_id": "RHSA-2026:0693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0976", "reference_id": "RHSA-2026:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1678", "reference_id": "RHSA-2026:1678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1790", "reference_id": "RHSA-2026:1790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1815", "reference_id": "RHSA-2026:1815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1858", "reference_id": "RHSA-2026:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1858" }, { "reference_url": "https://usn.ubuntu.com/8090-1/", "reference_id": "USN-8090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-1/" }, { "reference_url": "https://usn.ubuntu.com/8090-2/", "reference_id": "USN-8090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" } ], "aliases": [ "CVE-2025-61985" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7m6-uqbt-nqd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64289?format=api", "vulnerability_id": "VCID-ajmg-5kgx-k7h5", "summary": "openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09146", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09198", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09123", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09203", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09232", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09235", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10136", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10288", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10161", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595", "reference_id": "1130595", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085", "reference_id": "2447085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/03/12/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/03/12/3" }, { "reference_url": "https://ubuntu.com/security/CVE-2026-3497", "reference_id": "CVE-2026-3497", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/" } ], "url": "https://ubuntu.com/security/CVE-2026-3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6461", "reference_id": "RHSA-2026:6461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6462", "reference_id": "RHSA-2026:6462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6463", "reference_id": "RHSA-2026:6463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7107", "reference_id": "RHSA-2026:7107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7107" }, { "reference_url": "https://usn.ubuntu.com/8090-1/", "reference_id": "USN-8090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-1/" }, { "reference_url": "https://usn.ubuntu.com/8090-2/", "reference_id": "USN-8090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068121?format=api", "purl": "pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055831?format=api", "purl": "pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1" } ], "aliases": [ "CVE-2026-3497" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajmg-5kgx-k7h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349223?format=api", "vulnerability_id": "VCID-bnrq-2fsr-mfgd", "summary": "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35388.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01312", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01597", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01612", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01619", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01604", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01595", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01594", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01583", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35388" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35388" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132575", "reference_id": "1132575", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132575" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454500", "reference_id": "2454500", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454500" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/02/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2", "reference_id": "?l=openssh-unix-dev&m=177513443901484&w=2", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2" }, { "reference_url": "https://www.openssh.org/releasenotes.html#10.3p1", "reference_id": "releasenotes.html#10.3p1", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/" } ], "url": "https://www.openssh.org/releasenotes.html#10.3p1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068121?format=api", "purl": "pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055831?format=api", "purl": "pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062956?format=api", "purl": "pkg:deb/debian/openssh@1:10.3p1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1" } ], "aliases": [ "CVE-2026-35388" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bnrq-2fsr-mfgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349401?format=api", "vulnerability_id": "VCID-kgn5-p8kx-qucj", "summary": "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35387.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35387.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07582", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08638", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08673", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08676", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08651", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08515", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08528", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35387" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132574", "reference_id": "1132574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132574" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454494", "reference_id": "2454494", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454494" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/02/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2", "reference_id": "?l=openssh-unix-dev&m=177513443901484&w=2", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2" }, { "reference_url": "https://www.openssh.org/releasenotes.html#10.3p1", "reference_id": "releasenotes.html#10.3p1", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/" } ], "url": "https://www.openssh.org/releasenotes.html#10.3p1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068121?format=api", "purl": "pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055831?format=api", "purl": "pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062956?format=api", "purl": "pkg:deb/debian/openssh@1:10.3p1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1" } ], "aliases": [ "CVE-2026-35387" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgn5-p8kx-qucj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67062?format=api", "vulnerability_id": "VCID-wga4-sqwk-4bfj", "summary": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01186", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01197", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01193", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01201", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01208", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01211", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01195", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01184", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2025/10/06/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529", "reference_id": "1117529", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960", "reference_id": "2401960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2", "reference_id": "?l=openssh-unix-dev&m=175974522032149&w=2", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2" }, { "reference_url": "https://www.openssh.com/releasenotes.html#10.1p1", "reference_id": "releasenotes.html#10.1p1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/" } ], "url": "https://www.openssh.com/releasenotes.html#10.1p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23479", "reference_id": "RHSA-2025:23479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23480", "reference_id": "RHSA-2025:23480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23481", "reference_id": "RHSA-2025:23481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0693", "reference_id": "RHSA-2026:0693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0976", "reference_id": "RHSA-2026:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1678", "reference_id": "RHSA-2026:1678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1790", "reference_id": "RHSA-2026:1790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1815", "reference_id": "RHSA-2026:1815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1858", "reference_id": "RHSA-2026:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1858" }, { "reference_url": "https://usn.ubuntu.com/8090-1/", "reference_id": "USN-8090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-1/" }, { "reference_url": "https://usn.ubuntu.com/8090-2/", "reference_id": "USN-8090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" } ], "aliases": [ "CVE-2025-61984" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wga4-sqwk-4bfj" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67063?format=api", "vulnerability_id": "VCID-a7m6-uqbt-nqd9", "summary": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03634", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03694", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0371", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03732", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03671", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03644", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03622", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2025/10/06/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530", "reference_id": "1117530", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962", "reference_id": "2401962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2", "reference_id": "?l=openssh-unix-dev&m=175974522032149&w=2", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2" }, { "reference_url": "https://www.openssh.com/releasenotes.html#10.1p1", "reference_id": "releasenotes.html#10.1p1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/" } ], "url": "https://www.openssh.com/releasenotes.html#10.1p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23479", "reference_id": "RHSA-2025:23479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23480", "reference_id": "RHSA-2025:23480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23481", "reference_id": "RHSA-2025:23481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0693", "reference_id": "RHSA-2026:0693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0976", "reference_id": "RHSA-2026:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1678", "reference_id": "RHSA-2026:1678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1790", "reference_id": "RHSA-2026:1790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1815", "reference_id": "RHSA-2026:1815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1858", "reference_id": "RHSA-2026:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1858" }, { "reference_url": "https://usn.ubuntu.com/8090-1/", "reference_id": "USN-8090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-1/" }, { "reference_url": "https://usn.ubuntu.com/8090-2/", "reference_id": "USN-8090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055828?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" } ], "aliases": [ "CVE-2025-61985" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7m6-uqbt-nqd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64289?format=api", "vulnerability_id": "VCID-ajmg-5kgx-k7h5", "summary": "openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09146", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09198", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09123", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09203", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09232", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09235", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10136", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10288", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10161", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595", "reference_id": "1130595", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085", "reference_id": "2447085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/03/12/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/03/12/3" }, { "reference_url": "https://ubuntu.com/security/CVE-2026-3497", "reference_id": "CVE-2026-3497", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/" } ], "url": "https://ubuntu.com/security/CVE-2026-3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6461", "reference_id": "RHSA-2026:6461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6462", "reference_id": "RHSA-2026:6462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6463", "reference_id": "RHSA-2026:6463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7107", "reference_id": "RHSA-2026:7107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7107" }, { "reference_url": "https://usn.ubuntu.com/8090-1/", "reference_id": "USN-8090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-1/" }, { "reference_url": "https://usn.ubuntu.com/8090-2/", "reference_id": "USN-8090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055828?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068121?format=api", "purl": "pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055831?format=api", "purl": "pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1" } ], "aliases": [ "CVE-2026-3497" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajmg-5kgx-k7h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79589?format=api", "vulnerability_id": "VCID-b4uc-yh56-muej", "summary": "openssh: possible bypass of fido 2 devices and ssh-askpass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36368.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36368.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60245", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60322", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60348", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60366", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67331", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67333", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67319", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67284", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36368" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086690", "reference_id": "2086690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086690" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055828?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2021-36368" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4uc-yh56-muej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47189?format=api", "vulnerability_id": "VCID-ha8v-pqwf-r3a1", "summary": "Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26465.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98814", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98808", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98807", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.73605", "scoring_system": "epss", "scoring_elements": "0.98813", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.73977", "scoring_system": "epss", "scoring_elements": "0.98818", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.73977", "scoring_system": "epss", "scoring_elements": "0.98815", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://seclists.org/oss-sec/2025/q1/144", "reference_id": "144", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://seclists.org/oss-sec/2025/q1/144" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780", "reference_id": "2344780", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780" }, { "reference_url": "https://access.redhat.com/solutions/7109879", "reference_id": "7109879", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/solutions/7109879" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9", "reference_id": "cpe:/a:redhat:discovery:1.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-26465", "reference_id": "CVE-2025-26465", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-26465" }, { "reference_url": "https://security.gentoo.org/glsa/202502-01", "reference_id": "GLSA-202502-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202502-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16823", "reference_id": "RHSA-2025:16823", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3837", "reference_id": "RHSA-2025:3837", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6993", "reference_id": "RHSA-2025:6993", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6993" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://usn.ubuntu.com/7270-1/", "reference_id": "USN-7270-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7270-1/" }, { "reference_url": "https://usn.ubuntu.com/7270-2/", "reference_id": "USN-7270-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7270-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055828?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2025-26465" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ha8v-pqwf-r3a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70416?format=api", "vulnerability_id": "VCID-hse5-y15y-n3dw", "summary": "openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32728.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32728.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50759", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50785", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50741", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50797", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50794", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50813", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50835", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32728" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32728" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig", "reference_id": "013_ssh.patch.sig", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig" }, { "reference_url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html", "reference_id": "041879.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603", "reference_id": "1102603", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358767", "reference_id": "2358767", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358767" }, { "reference_url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367", "reference_id": "fc86875e6acb36401dfc1dfb6b628a9d1460f367", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367" }, { "reference_url": "https://www.openssh.com/txt/release-10.0", "reference_id": "release-10.0", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://www.openssh.com/txt/release-10.0" }, { "reference_url": "https://www.openssh.com/txt/release-7.4", "reference_id": "release-7.4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/" } ], "url": "https://www.openssh.com/txt/release-7.4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20126", "reference_id": "RHSA-2025:20126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20126" }, { "reference_url": "https://usn.ubuntu.com/7457-1/", "reference_id": "USN-7457-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7457-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055828?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" } ], "aliases": [ "CVE-2025-32728" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hse5-y15y-n3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67062?format=api", "vulnerability_id": "VCID-wga4-sqwk-4bfj", "summary": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01186", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01197", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01193", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01201", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01208", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01211", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01195", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01184", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2025/10/06/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529", "reference_id": "1117529", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960", "reference_id": "2401960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960" }, { "reference_url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2", "reference_id": "?l=openssh-unix-dev&m=175974522032149&w=2", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/" } ], "url": "https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2" }, { "reference_url": "https://www.openssh.com/releasenotes.html#10.1p1", "reference_id": "releasenotes.html#10.1p1", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/" } ], "url": "https://www.openssh.com/releasenotes.html#10.1p1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23479", "reference_id": "RHSA-2025:23479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23480", "reference_id": "RHSA-2025:23480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23481", "reference_id": "RHSA-2025:23481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0693", "reference_id": "RHSA-2026:0693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0976", "reference_id": "RHSA-2026:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1678", "reference_id": "RHSA-2026:1678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1790", "reference_id": "RHSA-2026:1790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1815", "reference_id": "RHSA-2026:1815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1858", "reference_id": "RHSA-2026:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1858" }, { "reference_url": "https://usn.ubuntu.com/8090-1/", "reference_id": "USN-8090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-1/" }, { "reference_url": "https://usn.ubuntu.com/8090-2/", "reference_id": "USN-8090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1055828?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-792n-jkzj-qqhd" }, { "vulnerability": "VCID-8efr-budq-6bb6" }, { "vulnerability": "VCID-a4eq-r71a-buhm" }, { "vulnerability": "VCID-a7m6-uqbt-nqd9" }, { "vulnerability": "VCID-ajmg-5kgx-k7h5" }, { "vulnerability": "VCID-bnrq-2fsr-mfgd" }, { "vulnerability": "VCID-kgn5-p8kx-qucj" }, { "vulnerability": "VCID-wga4-sqwk-4bfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055829?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068120?format=api", "purl": "pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9" } ], "aliases": [ "CVE-2025-61984" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wga4-sqwk-4bfj" } ], "risk_score": "3.7", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7" }