Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1066716?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1066716?format=api", "purl": "pkg:rpm/redhat/firefox@140.9.1-1?arch=el10_1", "type": "rpm", "namespace": "redhat", "name": "firefox", "version": "140.9.1-1", "qualifiers": { "arch": "el10_1" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349997?format=api", "vulnerability_id": "VCID-5dw5-vpt8-zqbz", "summary": "Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5731", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17223", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17244", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20167", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20168", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21869", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21867", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5731" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901", "reference_id": "2455901", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-26", "reference_id": "mfsa2026-26", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-26/", "reference_id": "mfsa2026-26", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-26/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-27/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-29/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" } ], "fixed_packages": [], "aliases": [ "CVE-2026-5731" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dw5-vpt8-zqbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349998?format=api", "vulnerability_id": "VCID-9ag7-z86d-nba9", "summary": "Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13876", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13903", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13955", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13912", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18602", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18556", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18547", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897", "reference_id": "2455897", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505", "reference_id": "buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-27/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-29/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" } ], "fixed_packages": [], "aliases": [ "CVE-2026-5734" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ag7-z86d-nba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63979?format=api", "vulnerability_id": "VCID-dm7h-c7wt-1kbs", "summary": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11022", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12864", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13064", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12779", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12775", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12874", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12919", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12954", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12994", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12943", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15898", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33416" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012", "reference_id": "1132012", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb", "reference_id": "23019269764e35ed8458e517f1897bd3c54820eb", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", "reference_id": "2451805", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "reference_id": "7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/824", "reference_id": "824", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/824" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "reference_id": "a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "reference_id": "c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j", "reference_id": "GHSA-m4pc-p4q3-4c7j", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" } ], "fixed_packages": [], "aliases": [ "CVE-2026-33416" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dm7h-c7wt-1kbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63978?format=api", "vulnerability_id": "VCID-ptgq-884e-mkft", "summary": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09521", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09433", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09508", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09569", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0954", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09524", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0942", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15153", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013", "reference_id": "1132013", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", "reference_id": "2451819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869", "reference_id": "7734cda20cf1236aef60f3bbd2267c97bbb40869", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3", "reference_id": "aba9f18eba870d14fb52c5ba5d73451349e339c3", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2", "reference_id": "GHSA-wjr5-c57x-95m2", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" } ], "fixed_packages": [], "aliases": [ "CVE-2026-33636" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptgq-884e-mkft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349995?format=api", "vulnerability_id": "VCID-qbzp-euvv-q7c7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5732", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1175", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11789", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11778", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11723", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12843", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12738", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12742", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5732" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908", "reference_id": "2455908", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-25/", "reference_id": "mfsa2026-25", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-25/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-27/", "reference_id": "mfsa2026-27", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-27/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-28/", "reference_id": "mfsa2026-28", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-28/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-29/", "reference_id": "mfsa2026-29", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-29/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017867", "reference_id": "show_bug.cgi?id=2017867", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017867" } ], "fixed_packages": [], "aliases": [ "CVE-2026-5732" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbzp-euvv-q7c7" } ], "fixing_vulnerabilities": [], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@140.9.1-1%3Farch=el10_1" }