Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1062513?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1062513?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "openjdk-25", "version": "25.0.3~8ea-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "25.0.3~8ea-2", "latest_non_vulnerable_version": "25.0.3+9-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353818?format=api", "vulnerability_id": "VCID-1gha-995s-7qdg", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09722", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460039", "reference_id": "2460039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460039" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:11:15Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1077470?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-22016" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gha-995s-7qdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353650?format=api", "vulnerability_id": "VCID-57sd-8y93-qqhu", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.121", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044", "reference_id": "2460044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:33:23Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1077470?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-34282" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57sd-8y93-qqhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353834?format=api", "vulnerability_id": "VCID-6r1k-8y1c-q7fm", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01704", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460038", "reference_id": "2460038", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460038" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1077470?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-22007" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6r1k-8y1c-q7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353681?format=api", "vulnerability_id": "VCID-jxgd-j4wr-tyb7", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34268", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01704", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34268" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460043", "reference_id": "2460043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460043" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:55:07Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1077470?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-34268" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jxgd-j4wr-tyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353828?format=api", "vulnerability_id": "VCID-m54j-wfuk-yua7", "summary": "Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22008.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22008.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22008", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07437", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22008" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460029", "reference_id": "2460029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460029" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:38Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7286", "reference_id": "RHSA-2026:7286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7311", "reference_id": "RHSA-2026:7311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7311" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1077470?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-22008" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m54j-wfuk-yua7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353829?format=api", "vulnerability_id": "VCID-sz6r-65q1-q3bh", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11666", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460042", "reference_id": "2460042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460042" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:58:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1077470?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-22021" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6r-65q1-q3bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353832?format=api", "vulnerability_id": "VCID-xte1-h9nn-4bbk", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11666", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460041", "reference_id": "2460041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460041" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:52Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1077470?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-22018" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xte1-h9nn-4bbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353820?format=api", "vulnerability_id": "VCID-zsun-4q6p-8fek", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12118", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460040", "reference_id": "2460040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460040" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:09:34Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1077470?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-22013" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zsun-4q6p-8fek" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66833?format=api", "vulnerability_id": "VCID-13t7-vubq-8kae", "summary": "openjdk: Enhance certificate handling (Oracle CPU 2025-10)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53057.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53057.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18209", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22397", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22702", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22587", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22602", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22599", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22747", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22535", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22612", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22666", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22683", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22642", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944", "reference_id": "1118944", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403082", "reference_id": "2403082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403082" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "reference_id": "cpuoct2025.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T14:46:38Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18814", "reference_id": "RHSA-2025:18814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18815", "reference_id": "RHSA-2025:18815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18816", "reference_id": "RHSA-2025:18816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18817", "reference_id": "RHSA-2025:18817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18818", "reference_id": "RHSA-2025:18818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18819", "reference_id": "RHSA-2025:18819", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18819" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18820", "reference_id": "RHSA-2025:18820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18821", "reference_id": "RHSA-2025:18821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18822", "reference_id": "RHSA-2025:18822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18823", "reference_id": "RHSA-2025:18823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18824", "reference_id": "RHSA-2025:18824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18825", "reference_id": "RHSA-2025:18825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18825" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18826", "reference_id": "RHSA-2025:18826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21485", "reference_id": "RHSA-2025:21485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22370", "reference_id": "RHSA-2025:22370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22672", "reference_id": "RHSA-2025:22672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22672" }, { "reference_url": "https://usn.ubuntu.com/7881-1/", "reference_id": "USN-7881-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7881-1/" }, { "reference_url": "https://usn.ubuntu.com/7882-1/", "reference_id": "USN-7882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7882-1/" }, { "reference_url": "https://usn.ubuntu.com/7883-1/", "reference_id": "USN-7883-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7883-1/" }, { "reference_url": "https://usn.ubuntu.com/7884-1/", "reference_id": "USN-7884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7884-1/" }, { "reference_url": "https://usn.ubuntu.com/7885-1/", "reference_id": "USN-7885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7885-1/" }, { "reference_url": "https://usn.ubuntu.com/7900-1/", "reference_id": "USN-7900-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7900-1/" }, { "reference_url": "https://usn.ubuntu.com/7901-1/", "reference_id": "USN-7901-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7901-1/" }, { "reference_url": "https://usn.ubuntu.com/7902-1/", "reference_id": "USN-7902-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7902-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933669?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.1%2B8-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933666?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.1%2B8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933668?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933665?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933667?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062513?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067594?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-53057" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13t7-vubq-8kae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64943?format=api", "vulnerability_id": "VCID-4snj-etwf-eqe8", "summary": "openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21933.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21933.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09035", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09147", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.08972", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.08951", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09105", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09086", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0901", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0909", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09121", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09091", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09077", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21933" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119", "reference_id": "1126119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429926", "reference_id": "2429926", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429926" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2026.html", "reference_id": "cpujan2026.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:56:13Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0847", "reference_id": "RHSA-2026:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0848", "reference_id": "RHSA-2026:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0895", "reference_id": "RHSA-2026:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0896", "reference_id": "RHSA-2026:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0897", "reference_id": "RHSA-2026:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0898", "reference_id": "RHSA-2026:0898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0899", "reference_id": "RHSA-2026:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0900", "reference_id": "RHSA-2026:0900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0901", "reference_id": "RHSA-2026:0901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0927", "reference_id": "RHSA-2026:0927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0928", "reference_id": "RHSA-2026:0928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0931", "reference_id": "RHSA-2026:0931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0932", "reference_id": "RHSA-2026:0932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0933", "reference_id": "RHSA-2026:0933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1606", "reference_id": "RHSA-2026:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4832", "reference_id": "RHSA-2026:4832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4832" }, { "reference_url": "https://usn.ubuntu.com/7995-1/", "reference_id": "USN-7995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7995-1/" }, { "reference_url": "https://usn.ubuntu.com/7996-1/", "reference_id": "USN-7996-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7996-1/" }, { "reference_url": "https://usn.ubuntu.com/7997-1/", "reference_id": "USN-7997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7997-1/" }, { "reference_url": "https://usn.ubuntu.com/7998-1/", "reference_id": "USN-7998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7998-1/" }, { "reference_url": "https://usn.ubuntu.com/8000-1/", "reference_id": "USN-8000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8000-1/" }, { "reference_url": "https://usn.ubuntu.com/8001-1/", "reference_id": "USN-8001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8001-1/" }, { "reference_url": "https://usn.ubuntu.com/8002-1/", "reference_id": "USN-8002-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8002-1/" }, { "reference_url": "https://usn.ubuntu.com/8003-1/", "reference_id": "USN-8003-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8003-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933668?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933670?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933665?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933667?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062513?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067594?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21933" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4snj-etwf-eqe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/354154?format=api", "vulnerability_id": "VCID-6fce-bys3-kkgm", "summary": "openjdk: OpenJDK: Update LibPNG (Oracle CPU 2026-04)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22020.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22020.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460045", "reference_id": "2460045", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460045" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1077471?format=api", "purl": "pkg:deb/debian/openjdk-25@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933668?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062513?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-22020" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fce-bys3-kkgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64944?format=api", "vulnerability_id": "VCID-apsn-z1br-3bdy", "summary": "openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21945.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21945.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16874", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16615", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16664", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16672", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16709", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1693", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16714", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16799", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16854", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16832", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16786", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16728", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21945" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119", "reference_id": "1126119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429927", "reference_id": "2429927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429927" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2026.html", "reference_id": "cpujan2026.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:04:39Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0847", "reference_id": "RHSA-2026:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0848", "reference_id": "RHSA-2026:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0895", "reference_id": "RHSA-2026:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0896", "reference_id": "RHSA-2026:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0897", "reference_id": "RHSA-2026:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0898", "reference_id": "RHSA-2026:0898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0899", "reference_id": "RHSA-2026:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0900", "reference_id": "RHSA-2026:0900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0901", "reference_id": "RHSA-2026:0901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0927", "reference_id": "RHSA-2026:0927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0928", "reference_id": "RHSA-2026:0928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0931", "reference_id": "RHSA-2026:0931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0932", "reference_id": "RHSA-2026:0932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0933", "reference_id": "RHSA-2026:0933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1606", "reference_id": "RHSA-2026:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4832", "reference_id": "RHSA-2026:4832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4832" }, { "reference_url": "https://usn.ubuntu.com/7995-1/", "reference_id": "USN-7995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7995-1/" }, { "reference_url": "https://usn.ubuntu.com/7996-1/", "reference_id": "USN-7996-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7996-1/" }, { "reference_url": "https://usn.ubuntu.com/7997-1/", "reference_id": "USN-7997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7997-1/" }, { "reference_url": "https://usn.ubuntu.com/7998-1/", "reference_id": "USN-7998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7998-1/" }, { "reference_url": "https://usn.ubuntu.com/8000-1/", "reference_id": "USN-8000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8000-1/" }, { "reference_url": "https://usn.ubuntu.com/8001-1/", "reference_id": "USN-8001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8001-1/" }, { "reference_url": "https://usn.ubuntu.com/8002-1/", "reference_id": "USN-8002-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8002-1/" }, { "reference_url": "https://usn.ubuntu.com/8003-1/", "reference_id": "USN-8003-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8003-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933668?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933670?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933665?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933667?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062513?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067594?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21945" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apsn-z1br-3bdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64942?format=api", "vulnerability_id": "VCID-duy9-6f1p-vqah", "summary": "openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09259", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09406", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09205", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09204", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09355", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0931", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09227", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09302", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09356", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09328", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09314", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21932" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119", "reference_id": "1126119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429925", "reference_id": "2429925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429925" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2026.html", "reference_id": "cpujan2026.html", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:55:36Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0896", "reference_id": "RHSA-2026:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0898", "reference_id": "RHSA-2026:0898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0900", "reference_id": "RHSA-2026:0900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1606", "reference_id": "RHSA-2026:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1606" }, { "reference_url": "https://usn.ubuntu.com/7995-1/", "reference_id": "USN-7995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7995-1/" }, { "reference_url": "https://usn.ubuntu.com/7996-1/", "reference_id": "USN-7996-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7996-1/" }, { "reference_url": "https://usn.ubuntu.com/7997-1/", "reference_id": "USN-7997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7997-1/" }, { "reference_url": "https://usn.ubuntu.com/7998-1/", "reference_id": "USN-7998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7998-1/" }, { "reference_url": "https://usn.ubuntu.com/8000-1/", "reference_id": "USN-8000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8000-1/" }, { "reference_url": "https://usn.ubuntu.com/8001-1/", "reference_id": "USN-8001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8001-1/" }, { "reference_url": "https://usn.ubuntu.com/8002-1/", "reference_id": "USN-8002-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8002-1/" }, { "reference_url": "https://usn.ubuntu.com/8003-1/", "reference_id": "USN-8003-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8003-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933668?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933670?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933665?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933667?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062513?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067594?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21932" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-duy9-6f1p-vqah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66832?format=api", "vulnerability_id": "VCID-gwnq-we51-3bey", "summary": "openjdk: Enhance String handling (Oracle CPU 2025-10)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61748.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61748.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0979", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09863", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09702", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09671", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09815", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0984", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09741", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09812", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09865", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09872", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09837", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09821", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61748" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403064", "reference_id": "2403064", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403064" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "reference_id": "cpuoct2025.html", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T16:58:40Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18824", "reference_id": "RHSA-2025:18824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18825", "reference_id": "RHSA-2025:18825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18825" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18826", "reference_id": "RHSA-2025:18826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21485", "reference_id": "RHSA-2025:21485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21485" }, { "reference_url": "https://usn.ubuntu.com/7884-1/", "reference_id": "USN-7884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7884-1/" }, { "reference_url": "https://usn.ubuntu.com/7885-1/", "reference_id": "USN-7885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7885-1/" }, { "reference_url": "https://usn.ubuntu.com/7901-1/", "reference_id": "USN-7901-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7901-1/" }, { "reference_url": "https://usn.ubuntu.com/7902-1/", "reference_id": "USN-7902-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7902-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933669?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.1%2B8-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933666?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.1%2B8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933668?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933665?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933667?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062513?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067594?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-61748" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwnq-we51-3bey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64941?format=api", "vulnerability_id": "VCID-mt9c-tby1-wqe9", "summary": "openjdk: Improve JMX connections (Oracle CPU 2026-01)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21925.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21925.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10163", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10194", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10104", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10082", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10215", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10229", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10125", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.102", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1026", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10292", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10232", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21925" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119", "reference_id": "1126119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429924", "reference_id": "2429924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429924" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2026.html", "reference_id": "cpujan2026.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:50:27Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0847", "reference_id": "RHSA-2026:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0848", "reference_id": "RHSA-2026:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0895", "reference_id": "RHSA-2026:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0896", "reference_id": "RHSA-2026:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0897", "reference_id": "RHSA-2026:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0898", "reference_id": "RHSA-2026:0898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0899", "reference_id": "RHSA-2026:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0900", "reference_id": "RHSA-2026:0900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0901", "reference_id": "RHSA-2026:0901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0927", "reference_id": "RHSA-2026:0927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0928", "reference_id": "RHSA-2026:0928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0931", "reference_id": "RHSA-2026:0931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0932", "reference_id": "RHSA-2026:0932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0933", "reference_id": "RHSA-2026:0933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1606", "reference_id": "RHSA-2026:1606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4832", "reference_id": "RHSA-2026:4832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4832" }, { "reference_url": "https://usn.ubuntu.com/7995-1/", "reference_id": "USN-7995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7995-1/" }, { "reference_url": "https://usn.ubuntu.com/7996-1/", "reference_id": "USN-7996-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7996-1/" }, { "reference_url": "https://usn.ubuntu.com/7997-1/", "reference_id": "USN-7997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7997-1/" }, { "reference_url": "https://usn.ubuntu.com/7998-1/", "reference_id": "USN-7998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7998-1/" }, { "reference_url": "https://usn.ubuntu.com/8000-1/", "reference_id": "USN-8000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8000-1/" }, { "reference_url": "https://usn.ubuntu.com/8001-1/", "reference_id": "USN-8001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8001-1/" }, { "reference_url": "https://usn.ubuntu.com/8002-1/", "reference_id": "USN-8002-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8002-1/" }, { "reference_url": "https://usn.ubuntu.com/8003-1/", "reference_id": "USN-8003-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8003-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933668?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933670?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933665?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933667?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062513?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067594?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21925" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt9c-tby1-wqe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66831?format=api", "vulnerability_id": "VCID-nxx8-nehy-qyhg", "summary": "openjdk: Enhance Path Factories (Oracle CPU 2025-10)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53066.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17286", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17019", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17073", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17113", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17335", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17115", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17207", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17241", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17193", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17132", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944", "reference_id": "1118944", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403063", "reference_id": "2403063", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403063" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "reference_id": "cpuoct2025.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T19:44:34Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18814", "reference_id": "RHSA-2025:18814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18815", "reference_id": "RHSA-2025:18815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18816", "reference_id": "RHSA-2025:18816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18817", "reference_id": "RHSA-2025:18817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18818", "reference_id": "RHSA-2025:18818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18819", "reference_id": "RHSA-2025:18819", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18819" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18820", "reference_id": "RHSA-2025:18820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18821", "reference_id": "RHSA-2025:18821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18822", "reference_id": "RHSA-2025:18822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18823", "reference_id": "RHSA-2025:18823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18824", "reference_id": "RHSA-2025:18824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18825", "reference_id": "RHSA-2025:18825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18825" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18826", "reference_id": "RHSA-2025:18826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21485", "reference_id": "RHSA-2025:21485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22370", "reference_id": "RHSA-2025:22370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22672", "reference_id": "RHSA-2025:22672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22672" }, { "reference_url": "https://usn.ubuntu.com/7881-1/", "reference_id": "USN-7881-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7881-1/" }, { "reference_url": "https://usn.ubuntu.com/7882-1/", "reference_id": "USN-7882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7882-1/" }, { "reference_url": "https://usn.ubuntu.com/7883-1/", "reference_id": "USN-7883-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7883-1/" }, { "reference_url": "https://usn.ubuntu.com/7884-1/", "reference_id": "USN-7884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7884-1/" }, { "reference_url": "https://usn.ubuntu.com/7885-1/", "reference_id": "USN-7885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7885-1/" }, { "reference_url": "https://usn.ubuntu.com/7900-1/", "reference_id": "USN-7900-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7900-1/" }, { "reference_url": "https://usn.ubuntu.com/7901-1/", "reference_id": "USN-7901-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7901-1/" }, { "reference_url": "https://usn.ubuntu.com/7902-1/", "reference_id": "USN-7902-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7902-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933669?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.1%2B8-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933666?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.1%2B8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933668?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933665?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933667?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062513?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gha-995s-7qdg" }, { "vulnerability": "VCID-57sd-8y93-qqhu" }, { "vulnerability": "VCID-6r1k-8y1c-q7fm" }, { "vulnerability": "VCID-jxgd-j4wr-tyb7" }, { "vulnerability": "VCID-m54j-wfuk-yua7" }, { "vulnerability": "VCID-sz6r-65q1-q3bh" }, { "vulnerability": "VCID-xte1-h9nn-4bbk" }, { "vulnerability": "VCID-zsun-4q6p-8fek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067594?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077469?format=api", "purl": "pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-53066" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxx8-nehy-qyhg" } ], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie" }