Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1062524?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "php8.4", "version": "8.4.20-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65493?format=api", "vulnerability_id": "VCID-26ab-3bt8-jkf3", "summary": "php: heap-based buffer overflow in array_merge()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14178.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05863", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06057", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05929", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05895", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05905", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05889", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05927", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05966", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05947", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05938", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574", "reference_id": "1123574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425625", "reference_id": "2425625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425625" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2", "reference_id": "GHSA-h96m-rvf9-jgm2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:00:50Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1169", "reference_id": "RHSA-2026:1169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1185", "reference_id": "RHSA-2026:1185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1187", "reference_id": "RHSA-2026:1187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1190", "reference_id": "RHSA-2026:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1429", "reference_id": "RHSA-2026:1429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1628", "reference_id": "RHSA-2026:1628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2799", "reference_id": "RHSA-2026:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4077", "reference_id": "RHSA-2026:4077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4086", "reference_id": "RHSA-2026:4086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4212", "reference_id": "RHSA-2026:4212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4266", "reference_id": "RHSA-2026:4266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4507", "reference_id": "RHSA-2026:4507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4514", "reference_id": "RHSA-2026:4514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4517", "reference_id": "RHSA-2026:4517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7614", "reference_id": "RHSA-2026:7614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7614" }, { "reference_url": "https://usn.ubuntu.com/7953-1/", "reference_id": "USN-7953-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7953-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935123?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-14178" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26ab-3bt8-jkf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65494?format=api", "vulnerability_id": "VCID-46m1-33z3-ruhk", "summary": "php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10147", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10167", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1004", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10018", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10155", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10051", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10127", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10187", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10227", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14180" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574", "reference_id": "1123574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425627", "reference_id": "2425627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425627" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj", "reference_id": "GHSA-8xr5-qppj-gvwj", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T15:59:59Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1169", "reference_id": "RHSA-2026:1169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1185", "reference_id": "RHSA-2026:1185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1187", "reference_id": "RHSA-2026:1187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1190", "reference_id": "RHSA-2026:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1429", "reference_id": "RHSA-2026:1429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1628", "reference_id": "RHSA-2026:1628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3713", "reference_id": "RHSA-2026:3713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7614", "reference_id": "RHSA-2026:7614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7614" }, { "reference_url": "https://usn.ubuntu.com/7953-1/", "reference_id": "USN-7953-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7953-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935123?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-14180" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46m1-33z3-ruhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68810?format=api", "vulnerability_id": "VCID-7qqj-hp6m-z7bh", "summary": "php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6491.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45447", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45427", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48573", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48623", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48618", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48569", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48566", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48587", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4856", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6491" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378690", "reference_id": "2378690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378690" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x", "reference_id": "GHSA-453j-q27h-5p8x", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:59:51Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23309", "reference_id": "RHSA-2025:23309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7648-1/", "reference_id": "USN-7648-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-1/" }, { "reference_url": "https://usn.ubuntu.com/7648-2/", "reference_id": "USN-7648-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935122?format=api", "purl": "pkg:deb/debian/php8.4@8.4.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-6491" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qqj-hp6m-z7bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70597?format=api", "vulnerability_id": "VCID-bf18-3zx5-f7gr", "summary": "php: Header parser of http stream wrapper does not handle folded headers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2253", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22487", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27053", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26996", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27005", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26979", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2698", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27094", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27097", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42347", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355917", "reference_id": "2355917", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355917" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g", "reference_id": "GHSA-v8xr-gpvj-cx9g", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:23:16Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7431", "reference_id": "RHSA-2025:7431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" }, { "reference_url": "https://usn.ubuntu.com/7645-1/", "reference_id": "USN-7645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7645-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935120?format=api", "purl": "pkg:deb/debian/php8.4@8.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1217" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bf18-3zx5-f7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68662?format=api", "vulnerability_id": "VCID-fyhr-st6h-eker", "summary": "php: PHP Hostname Null Character Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1132", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15356", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15785", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15732", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15741", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15877", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1594", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15916", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379792", "reference_id": "2379792", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379792" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r", "reference_id": "GHSA-3cr5-j632-f35r", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:58:46Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23309", "reference_id": "RHSA-2025:23309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7648-1/", "reference_id": "USN-7648-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-1/" }, { "reference_url": "https://usn.ubuntu.com/7648-2/", "reference_id": "USN-7648-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935122?format=api", "purl": "pkg:deb/debian/php8.4@8.4.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1220" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyhr-st6h-eker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70461?format=api", "vulnerability_id": "VCID-hjx8-gss6-gfb1", "summary": "php: Reference counting in php_request_shutdown causes Use-After-Free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11235.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.68599", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01473", "scoring_system": "epss", "scoring_elements": "0.80976", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01473", "scoring_system": "epss", "scoring_elements": "0.80977", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01473", "scoring_system": "epss", "scoring_elements": "0.80889", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01473", "scoring_system": "epss", "scoring_elements": "0.80912", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01473", "scoring_system": "epss", "scoring_elements": "0.80909", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01473", "scoring_system": "epss", "scoring_elements": "0.80937", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01473", "scoring_system": "epss", "scoring_elements": "0.80946", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01473", "scoring_system": "epss", "scoring_elements": "0.80962", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01473", "scoring_system": "epss", "scoring_elements": "0.80948", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01473", "scoring_system": "epss", "scoring_elements": "0.80939", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11235" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357531", "reference_id": "2357531", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357531" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477", "reference_id": "GHSA-rwp7-7vc6-8477", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-05T03:55:37Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7489" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935120?format=api", "purl": "pkg:deb/debian/php8.4@8.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-11235" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjx8-gss6-gfb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70593?format=api", "vulnerability_id": "VCID-nrnn-pgxj-xugg", "summary": "php: Stream HTTP wrapper truncates redirect location to 1024 bytes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1861.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1861.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72086", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72065", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76144", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76158", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76155", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76197", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.762", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76111", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76157", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0098", "scoring_system": "epss", "scoring_elements": "0.76802", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1861" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356046", "reference_id": "2356046", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356046" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff", "reference_id": "GHSA-52jp-hrpf-2jff", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-31T12:55:53Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7431", "reference_id": "RHSA-2025:7431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" }, { "reference_url": "https://usn.ubuntu.com/7645-1/", "reference_id": "USN-7645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7645-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935120?format=api", "purl": "pkg:deb/debian/php8.4@8.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1861" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrnn-pgxj-xugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70594?format=api", "vulnerability_id": "VCID-qyx5-b321-2udm", "summary": "php: Stream HTTP wrapper header check might omit basic auth header", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1736.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65377", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65351", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70731", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70738", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70633", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70679", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70695", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70718", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70701", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70686", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356041", "reference_id": "2356041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356041" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528", "reference_id": "GHSA-hgf5-96fm-v528", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T12:57:12Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7431", "reference_id": "RHSA-2025:7431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" }, { "reference_url": "https://usn.ubuntu.com/7645-1/", "reference_id": "USN-7645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7645-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935120?format=api", "purl": "pkg:deb/debian/php8.4@8.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1736" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qyx5-b321-2udm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65492?format=api", "vulnerability_id": "VCID-rh5h-at8n-bfdj", "summary": "php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14177.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18706", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18486", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18514", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18455", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18464", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18761", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18477", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18557", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18613", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18566", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14177" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574", "reference_id": "1123574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425626", "reference_id": "2425626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425626" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7", "reference_id": "GHSA-3237-qqm7-mfv7", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:01:25Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1429", "reference_id": "RHSA-2026:1429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1628", "reference_id": "RHSA-2026:1628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2799", "reference_id": "RHSA-2026:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7614", "reference_id": "RHSA-2026:7614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7614" }, { "reference_url": "https://usn.ubuntu.com/7953-1/", "reference_id": "USN-7953-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7953-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935123?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-14177" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rh5h-at8n-bfdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70596?format=api", "vulnerability_id": "VCID-t862-kese-z7ae", "summary": "php: libxml streams use wrong content-type header when requesting a redirected resource", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1219.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1219.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20744", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20598", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2057", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20568", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20803", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20522", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20657", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20677", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25048", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356043", "reference_id": "2356043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356043" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc", "reference_id": "GHSA-p3x9-6h7p-cgfc", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:10:21Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7431", "reference_id": "RHSA-2025:7431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935120?format=api", "purl": "pkg:deb/debian/php8.4@8.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1219" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t862-kese-z7ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70595?format=api", "vulnerability_id": "VCID-uqrh-9nue-rqgx", "summary": "php: Streams HTTP wrapper does not fail for headers with invalid name and no colon", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59591", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59605", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59585", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59618", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59625", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59571", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.5954", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59603", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72513", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356042", "reference_id": "2356042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356042" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44", "reference_id": "GHSA-pcmh-g36c-qc44", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T14:21:51Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7431", "reference_id": "RHSA-2025:7431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" }, { "reference_url": "https://usn.ubuntu.com/7645-1/", "reference_id": "USN-7645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7645-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935120?format=api", "purl": "pkg:deb/debian/php8.4@8.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1734" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqrh-9nue-rqgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68809?format=api", "vulnerability_id": "VCID-uush-g6k9-9ffm", "summary": "php: pgsql extension does not check for errors during escaping", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1735.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1735.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33221", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33187", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33052", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35471", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35493", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35532", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35522", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35558", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35514", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1735" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378689", "reference_id": "2378689", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378689" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3", "reference_id": "GHSA-hrwm-9436-5mv3", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:58:08Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23309", "reference_id": "RHSA-2025:23309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7648-1/", "reference_id": "USN-7648-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-1/" }, { "reference_url": "https://usn.ubuntu.com/7648-2/", "reference_id": "USN-7648-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-2/" }, { "reference_url": "https://usn.ubuntu.com/7648-3/", "reference_id": "USN-7648-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935122?format=api", "purl": "pkg:deb/debian/php8.4@8.4.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935121?format=api", "purl": "pkg:deb/debian/php8.4@8.4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935119?format=api", "purl": "pkg:deb/debian/php8.4@8.4.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062524?format=api", "purl": "pkg:deb/debian/php8.4@8.4.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1735" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uush-g6k9-9ffm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie" }