Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie

Type deb

Namespace debian

Name openjdk-25

Version 25.0.3+9-2

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-13t7-vubq-8kae

vulnerability_id VCID-13t7-vubq-8kae

summary openjdk: Enhance certificate handling (Oracle CPU 2025-10)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53057.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53057.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-53057

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.18209
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22397
published_at	2026-04-24T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22702
published_at	2026-04-02T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22587
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22602
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22599
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22747
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22535
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22612
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22666
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22683
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22642
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-53057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944
reference_id	1118944
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2403082
reference_id	2403082
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2403082

reference_url

https://www.oracle.com/security-alerts/cpuoct2025.html

reference_id

cpuoct2025.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T14:46:38Z/

url

https://www.oracle.com/security-alerts/cpuoct2025.html

reference_url	https://access.redhat.com/errata/RHSA-2025:18814
reference_id	RHSA-2025:18814
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18814

reference_url	https://access.redhat.com/errata/RHSA-2025:18815
reference_id	RHSA-2025:18815
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18815

reference_url	https://access.redhat.com/errata/RHSA-2025:18816
reference_id	RHSA-2025:18816
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18816

reference_url	https://access.redhat.com/errata/RHSA-2025:18817
reference_id	RHSA-2025:18817
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18817

reference_url	https://access.redhat.com/errata/RHSA-2025:18818
reference_id	RHSA-2025:18818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18818

reference_url	https://access.redhat.com/errata/RHSA-2025:18819
reference_id	RHSA-2025:18819
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18819

reference_url	https://access.redhat.com/errata/RHSA-2025:18820
reference_id	RHSA-2025:18820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18820

reference_url	https://access.redhat.com/errata/RHSA-2025:18821
reference_id	RHSA-2025:18821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18821

reference_url	https://access.redhat.com/errata/RHSA-2025:18822
reference_id	RHSA-2025:18822
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18822

reference_url	https://access.redhat.com/errata/RHSA-2025:18823
reference_id	RHSA-2025:18823
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18823

reference_url	https://access.redhat.com/errata/RHSA-2025:18824
reference_id	RHSA-2025:18824
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18824

reference_url	https://access.redhat.com/errata/RHSA-2025:18825
reference_id	RHSA-2025:18825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18825

reference_url	https://access.redhat.com/errata/RHSA-2025:18826
reference_id	RHSA-2025:18826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18826

reference_url	https://access.redhat.com/errata/RHSA-2025:21485
reference_id	RHSA-2025:21485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21485

reference_url	https://access.redhat.com/errata/RHSA-2025:22370
reference_id	RHSA-2025:22370
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22370

reference_url	https://access.redhat.com/errata/RHSA-2025:22672
reference_id	RHSA-2025:22672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22672

reference_url	https://usn.ubuntu.com/7881-1/
reference_id	USN-7881-1
reference_type
scores
url	https://usn.ubuntu.com/7881-1/

reference_url	https://usn.ubuntu.com/7882-1/
reference_id	USN-7882-1
reference_type
scores
url	https://usn.ubuntu.com/7882-1/

reference_url	https://usn.ubuntu.com/7883-1/
reference_id	USN-7883-1
reference_type
scores
url	https://usn.ubuntu.com/7883-1/

reference_url	https://usn.ubuntu.com/7884-1/
reference_id	USN-7884-1
reference_type
scores
url	https://usn.ubuntu.com/7884-1/

reference_url	https://usn.ubuntu.com/7885-1/
reference_id	USN-7885-1
reference_type
scores
url	https://usn.ubuntu.com/7885-1/

reference_url	https://usn.ubuntu.com/7900-1/
reference_id	USN-7900-1
reference_type
scores
url	https://usn.ubuntu.com/7900-1/

reference_url	https://usn.ubuntu.com/7901-1/
reference_id	USN-7901-1
reference_type
scores
url	https://usn.ubuntu.com/7901-1/

reference_url	https://usn.ubuntu.com/7902-1/
reference_id	USN-7902-1
reference_type
scores
url	https://usn.ubuntu.com/7902-1/

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.1%2B8-1~deb13u1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.1%2B8-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.1%2B8-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.1%2B8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2025-53057

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-13t7-vubq-8kae

url VCID-1gha-995s-7qdg

vulnerability_id VCID-1gha-995s-7qdg

summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22016

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09722
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22016

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460039
reference_id	2460039
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460039

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:11:15Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-22016

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1gha-995s-7qdg

url VCID-4snj-etwf-eqe8

vulnerability_id VCID-4snj-etwf-eqe8

summary openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21933.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21933.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21933

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09035
published_at	2026-04-02T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09147
published_at	2026-04-24T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.08972
published_at	2026-04-16T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.08951
published_at	2026-04-18T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09105
published_at	2026-04-21T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09086
published_at	2026-04-04T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.0901
published_at	2026-04-07T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.0909
published_at	2026-04-08T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09121
published_at	2026-04-09T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09122
published_at	2026-04-11T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09091
published_at	2026-04-12T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09077
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21933

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21933
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21933

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119
reference_id	1126119
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2429926
reference_id	2429926
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2429926

reference_url

https://www.oracle.com/security-alerts/cpujan2026.html

reference_id

cpujan2026.html

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:56:13Z/

url

https://www.oracle.com/security-alerts/cpujan2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:0847
reference_id	RHSA-2026:0847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0847

reference_url	https://access.redhat.com/errata/RHSA-2026:0848
reference_id	RHSA-2026:0848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0848

reference_url	https://access.redhat.com/errata/RHSA-2026:0849
reference_id	RHSA-2026:0849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0849

reference_url	https://access.redhat.com/errata/RHSA-2026:0895
reference_id	RHSA-2026:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0895

reference_url	https://access.redhat.com/errata/RHSA-2026:0896
reference_id	RHSA-2026:0896
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0896

reference_url	https://access.redhat.com/errata/RHSA-2026:0897
reference_id	RHSA-2026:0897
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0897

reference_url	https://access.redhat.com/errata/RHSA-2026:0898
reference_id	RHSA-2026:0898
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0898

reference_url	https://access.redhat.com/errata/RHSA-2026:0899
reference_id	RHSA-2026:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0899

reference_url	https://access.redhat.com/errata/RHSA-2026:0900
reference_id	RHSA-2026:0900
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0900

reference_url	https://access.redhat.com/errata/RHSA-2026:0901
reference_id	RHSA-2026:0901
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0901

reference_url	https://access.redhat.com/errata/RHSA-2026:0927
reference_id	RHSA-2026:0927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0927

reference_url	https://access.redhat.com/errata/RHSA-2026:0928
reference_id	RHSA-2026:0928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0928

reference_url	https://access.redhat.com/errata/RHSA-2026:0931
reference_id	RHSA-2026:0931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0931

reference_url	https://access.redhat.com/errata/RHSA-2026:0932
reference_id	RHSA-2026:0932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0932

reference_url	https://access.redhat.com/errata/RHSA-2026:0933
reference_id	RHSA-2026:0933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0933

reference_url	https://access.redhat.com/errata/RHSA-2026:1606
reference_id	RHSA-2026:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1606

reference_url	https://access.redhat.com/errata/RHSA-2026:4832
reference_id	RHSA-2026:4832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4832

reference_url	https://usn.ubuntu.com/7995-1/
reference_id	USN-7995-1
reference_type
scores
url	https://usn.ubuntu.com/7995-1/

reference_url	https://usn.ubuntu.com/7996-1/
reference_id	USN-7996-1
reference_type
scores
url	https://usn.ubuntu.com/7996-1/

reference_url	https://usn.ubuntu.com/7997-1/
reference_id	USN-7997-1
reference_type
scores
url	https://usn.ubuntu.com/7997-1/

reference_url	https://usn.ubuntu.com/7998-1/
reference_id	USN-7998-1
reference_type
scores
url	https://usn.ubuntu.com/7998-1/

reference_url	https://usn.ubuntu.com/8000-1/
reference_id	USN-8000-1
reference_type
scores
url	https://usn.ubuntu.com/8000-1/

reference_url	https://usn.ubuntu.com/8001-1/
reference_id	USN-8001-1
reference_type
scores
url	https://usn.ubuntu.com/8001-1/

reference_url	https://usn.ubuntu.com/8002-1/
reference_id	USN-8002-1
reference_type
scores
url	https://usn.ubuntu.com/8002-1/

reference_url	https://usn.ubuntu.com/8003-1/
reference_id	USN-8003-1
reference_type
scores
url	https://usn.ubuntu.com/8003-1/

fixed_packages

url pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-21933

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4snj-etwf-eqe8

url VCID-57sd-8y93-qqhu

vulnerability_id VCID-57sd-8y93-qqhu

summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34282

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.121
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34282

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460044
reference_id	2460044
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460044

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:33:23Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-34282

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57sd-8y93-qqhu

url VCID-6fce-bys3-kkgm

vulnerability_id VCID-6fce-bys3-kkgm

summary openjdk: OpenJDK: Update LibPNG (Oracle CPU 2026-04)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22020.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22020.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460045
reference_id	2460045
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460045

fixed_packages

url	pkg:deb/debian/openjdk-25@0?distro=trixie
purl	pkg:deb/debian/openjdk-25@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@0%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-22020

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fce-bys3-kkgm

url VCID-6r1k-8y1c-q7fm

vulnerability_id VCID-6r1k-8y1c-q7fm

summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22007

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01704
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22007

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460038
reference_id	2460038
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460038

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:16Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-22007

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6r1k-8y1c-q7fm

url VCID-apsn-z1br-3bdy

vulnerability_id VCID-apsn-z1br-3bdy

summary openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21945.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21945.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21945

reference_id

reference_type

scores

value	0.00053
scoring_system	epss
scoring_elements	0.16874
published_at	2026-04-02T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16615
published_at	2026-04-24T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16664
published_at	2026-04-16T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16672
published_at	2026-04-18T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16709
published_at	2026-04-21T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1693
published_at	2026-04-04T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16714
published_at	2026-04-07T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16799
published_at	2026-04-08T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16854
published_at	2026-04-09T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16832
published_at	2026-04-11T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16786
published_at	2026-04-12T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16728
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21945

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21945
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21945

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119
reference_id	1126119
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2429927
reference_id	2429927
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2429927

reference_url

https://www.oracle.com/security-alerts/cpujan2026.html

reference_id

cpujan2026.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:04:39Z/

url

https://www.oracle.com/security-alerts/cpujan2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:0847
reference_id	RHSA-2026:0847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0847

reference_url	https://access.redhat.com/errata/RHSA-2026:0848
reference_id	RHSA-2026:0848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0848

reference_url	https://access.redhat.com/errata/RHSA-2026:0849
reference_id	RHSA-2026:0849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0849

reference_url	https://access.redhat.com/errata/RHSA-2026:0895
reference_id	RHSA-2026:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0895

reference_url	https://access.redhat.com/errata/RHSA-2026:0896
reference_id	RHSA-2026:0896
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0896

reference_url	https://access.redhat.com/errata/RHSA-2026:0897
reference_id	RHSA-2026:0897
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0897

reference_url	https://access.redhat.com/errata/RHSA-2026:0898
reference_id	RHSA-2026:0898
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0898

reference_url	https://access.redhat.com/errata/RHSA-2026:0899
reference_id	RHSA-2026:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0899

reference_url	https://access.redhat.com/errata/RHSA-2026:0900
reference_id	RHSA-2026:0900
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0900

reference_url	https://access.redhat.com/errata/RHSA-2026:0901
reference_id	RHSA-2026:0901
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0901

reference_url	https://access.redhat.com/errata/RHSA-2026:0927
reference_id	RHSA-2026:0927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0927

reference_url	https://access.redhat.com/errata/RHSA-2026:0928
reference_id	RHSA-2026:0928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0928

reference_url	https://access.redhat.com/errata/RHSA-2026:0931
reference_id	RHSA-2026:0931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0931

reference_url	https://access.redhat.com/errata/RHSA-2026:0932
reference_id	RHSA-2026:0932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0932

reference_url	https://access.redhat.com/errata/RHSA-2026:0933
reference_id	RHSA-2026:0933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0933

reference_url	https://access.redhat.com/errata/RHSA-2026:1606
reference_id	RHSA-2026:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1606

reference_url	https://access.redhat.com/errata/RHSA-2026:4832
reference_id	RHSA-2026:4832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4832

reference_url	https://usn.ubuntu.com/7995-1/
reference_id	USN-7995-1
reference_type
scores
url	https://usn.ubuntu.com/7995-1/

reference_url	https://usn.ubuntu.com/7996-1/
reference_id	USN-7996-1
reference_type
scores
url	https://usn.ubuntu.com/7996-1/

reference_url	https://usn.ubuntu.com/7997-1/
reference_id	USN-7997-1
reference_type
scores
url	https://usn.ubuntu.com/7997-1/

reference_url	https://usn.ubuntu.com/7998-1/
reference_id	USN-7998-1
reference_type
scores
url	https://usn.ubuntu.com/7998-1/

reference_url	https://usn.ubuntu.com/8000-1/
reference_id	USN-8000-1
reference_type
scores
url	https://usn.ubuntu.com/8000-1/

reference_url	https://usn.ubuntu.com/8001-1/
reference_id	USN-8001-1
reference_type
scores
url	https://usn.ubuntu.com/8001-1/

reference_url	https://usn.ubuntu.com/8002-1/
reference_id	USN-8002-1
reference_type
scores
url	https://usn.ubuntu.com/8002-1/

reference_url	https://usn.ubuntu.com/8003-1/
reference_id	USN-8003-1
reference_type
scores
url	https://usn.ubuntu.com/8003-1/

fixed_packages

url pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-21945

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-apsn-z1br-3bdy

url VCID-duy9-6f1p-vqah

vulnerability_id VCID-duy9-6f1p-vqah

summary openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21932.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21932.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21932

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09259
published_at	2026-04-02T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09406
published_at	2026-04-24T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09205
published_at	2026-04-16T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09204
published_at	2026-04-18T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09355
published_at	2026-04-21T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.0931
published_at	2026-04-04T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09227
published_at	2026-04-07T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09302
published_at	2026-04-08T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09346
published_at	2026-04-09T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09356
published_at	2026-04-11T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09328
published_at	2026-04-12T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09314
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21932

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21932

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119
reference_id	1126119
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2429925
reference_id	2429925
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2429925

reference_url

https://www.oracle.com/security-alerts/cpujan2026.html

reference_id

cpujan2026.html

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:55:36Z/

url

https://www.oracle.com/security-alerts/cpujan2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:0849
reference_id	RHSA-2026:0849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0849

reference_url	https://access.redhat.com/errata/RHSA-2026:0896
reference_id	RHSA-2026:0896
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0896

reference_url	https://access.redhat.com/errata/RHSA-2026:0898
reference_id	RHSA-2026:0898
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0898

reference_url	https://access.redhat.com/errata/RHSA-2026:0900
reference_id	RHSA-2026:0900
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0900

reference_url	https://access.redhat.com/errata/RHSA-2026:1606
reference_id	RHSA-2026:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1606

reference_url	https://usn.ubuntu.com/7995-1/
reference_id	USN-7995-1
reference_type
scores
url	https://usn.ubuntu.com/7995-1/

reference_url	https://usn.ubuntu.com/7996-1/
reference_id	USN-7996-1
reference_type
scores
url	https://usn.ubuntu.com/7996-1/

reference_url	https://usn.ubuntu.com/7997-1/
reference_id	USN-7997-1
reference_type
scores
url	https://usn.ubuntu.com/7997-1/

reference_url	https://usn.ubuntu.com/7998-1/
reference_id	USN-7998-1
reference_type
scores
url	https://usn.ubuntu.com/7998-1/

reference_url	https://usn.ubuntu.com/8000-1/
reference_id	USN-8000-1
reference_type
scores
url	https://usn.ubuntu.com/8000-1/

reference_url	https://usn.ubuntu.com/8001-1/
reference_id	USN-8001-1
reference_type
scores
url	https://usn.ubuntu.com/8001-1/

reference_url	https://usn.ubuntu.com/8002-1/
reference_id	USN-8002-1
reference_type
scores
url	https://usn.ubuntu.com/8002-1/

reference_url	https://usn.ubuntu.com/8003-1/
reference_id	USN-8003-1
reference_type
scores
url	https://usn.ubuntu.com/8003-1/

fixed_packages

url pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-21932

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-duy9-6f1p-vqah

url VCID-gwnq-we51-3bey

vulnerability_id VCID-gwnq-we51-3bey

summary openjdk: Enhance String handling (Oracle CPU 2025-10)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61748.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61748.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61748

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.0979
published_at	2026-04-02T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09863
published_at	2026-04-24T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09702
published_at	2026-04-16T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09671
published_at	2026-04-18T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09815
published_at	2026-04-21T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.0984
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09741
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09812
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09865
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09872
published_at	2026-04-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09837
published_at	2026-04-12T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09821
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61748

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2403064
reference_id	2403064
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2403064

reference_url

https://www.oracle.com/security-alerts/cpuoct2025.html

reference_id

cpuoct2025.html

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T16:58:40Z/

url

https://www.oracle.com/security-alerts/cpuoct2025.html

reference_url	https://access.redhat.com/errata/RHSA-2025:18824
reference_id	RHSA-2025:18824
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18824

reference_url	https://access.redhat.com/errata/RHSA-2025:18825
reference_id	RHSA-2025:18825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18825

reference_url	https://access.redhat.com/errata/RHSA-2025:18826
reference_id	RHSA-2025:18826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18826

reference_url	https://access.redhat.com/errata/RHSA-2025:21485
reference_id	RHSA-2025:21485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21485

reference_url	https://usn.ubuntu.com/7884-1/
reference_id	USN-7884-1
reference_type
scores
url	https://usn.ubuntu.com/7884-1/

reference_url	https://usn.ubuntu.com/7885-1/
reference_id	USN-7885-1
reference_type
scores
url	https://usn.ubuntu.com/7885-1/

reference_url	https://usn.ubuntu.com/7901-1/
reference_id	USN-7901-1
reference_type
scores
url	https://usn.ubuntu.com/7901-1/

reference_url	https://usn.ubuntu.com/7902-1/
reference_id	USN-7902-1
reference_type
scores
url	https://usn.ubuntu.com/7902-1/

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.1%2B8-1~deb13u1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.1%2B8-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.1%2B8-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.1%2B8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2025-61748

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwnq-we51-3bey

url VCID-jxgd-j4wr-tyb7

vulnerability_id VCID-jxgd-j4wr-tyb7

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34268

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01704
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34268

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460043
reference_id	2460043
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460043

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:55:07Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-34268

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxgd-j4wr-tyb7

url VCID-m54j-wfuk-yua7

vulnerability_id VCID-m54j-wfuk-yua7

summary Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22008.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22008.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22008

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07437
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22008

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460029
reference_id	2460029
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460029

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:38Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:7286
reference_id	RHSA-2026:7286
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7286

reference_url	https://access.redhat.com/errata/RHSA-2026:7311
reference_id	RHSA-2026:7311
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7311

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-22008

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m54j-wfuk-yua7

url VCID-mt9c-tby1-wqe9

vulnerability_id VCID-mt9c-tby1-wqe9

summary openjdk: Improve JMX connections (Oracle CPU 2026-01)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21925.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21925.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21925

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10163
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10194
published_at	2026-04-24T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10104
published_at	2026-04-16T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10082
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10215
published_at	2026-04-21T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10229
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10125
published_at	2026-04-07T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.102
published_at	2026-04-08T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1026
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10292
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10251
published_at	2026-04-12T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10232
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21925

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21925
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21925

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119
reference_id	1126119
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2429924
reference_id	2429924
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2429924

reference_url

https://www.oracle.com/security-alerts/cpujan2026.html

reference_id

cpujan2026.html

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:50:27Z/

url

https://www.oracle.com/security-alerts/cpujan2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:0847
reference_id	RHSA-2026:0847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0847

reference_url	https://access.redhat.com/errata/RHSA-2026:0848
reference_id	RHSA-2026:0848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0848

reference_url	https://access.redhat.com/errata/RHSA-2026:0849
reference_id	RHSA-2026:0849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0849

reference_url	https://access.redhat.com/errata/RHSA-2026:0895
reference_id	RHSA-2026:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0895

reference_url	https://access.redhat.com/errata/RHSA-2026:0896
reference_id	RHSA-2026:0896
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0896

reference_url	https://access.redhat.com/errata/RHSA-2026:0897
reference_id	RHSA-2026:0897
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0897

reference_url	https://access.redhat.com/errata/RHSA-2026:0898
reference_id	RHSA-2026:0898
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0898

reference_url	https://access.redhat.com/errata/RHSA-2026:0899
reference_id	RHSA-2026:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0899

reference_url	https://access.redhat.com/errata/RHSA-2026:0900
reference_id	RHSA-2026:0900
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0900

reference_url	https://access.redhat.com/errata/RHSA-2026:0901
reference_id	RHSA-2026:0901
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0901

reference_url	https://access.redhat.com/errata/RHSA-2026:0927
reference_id	RHSA-2026:0927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0927

reference_url	https://access.redhat.com/errata/RHSA-2026:0928
reference_id	RHSA-2026:0928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0928

reference_url	https://access.redhat.com/errata/RHSA-2026:0931
reference_id	RHSA-2026:0931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0931

reference_url	https://access.redhat.com/errata/RHSA-2026:0932
reference_id	RHSA-2026:0932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0932

reference_url	https://access.redhat.com/errata/RHSA-2026:0933
reference_id	RHSA-2026:0933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0933

reference_url	https://access.redhat.com/errata/RHSA-2026:1606
reference_id	RHSA-2026:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1606

reference_url	https://access.redhat.com/errata/RHSA-2026:4832
reference_id	RHSA-2026:4832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4832

reference_url	https://usn.ubuntu.com/7995-1/
reference_id	USN-7995-1
reference_type
scores
url	https://usn.ubuntu.com/7995-1/

reference_url	https://usn.ubuntu.com/7996-1/
reference_id	USN-7996-1
reference_type
scores
url	https://usn.ubuntu.com/7996-1/

reference_url	https://usn.ubuntu.com/7997-1/
reference_id	USN-7997-1
reference_type
scores
url	https://usn.ubuntu.com/7997-1/

reference_url	https://usn.ubuntu.com/7998-1/
reference_id	USN-7998-1
reference_type
scores
url	https://usn.ubuntu.com/7998-1/

reference_url	https://usn.ubuntu.com/8000-1/
reference_id	USN-8000-1
reference_type
scores
url	https://usn.ubuntu.com/8000-1/

reference_url	https://usn.ubuntu.com/8001-1/
reference_id	USN-8001-1
reference_type
scores
url	https://usn.ubuntu.com/8001-1/

reference_url	https://usn.ubuntu.com/8002-1/
reference_id	USN-8002-1
reference_type
scores
url	https://usn.ubuntu.com/8002-1/

reference_url	https://usn.ubuntu.com/8003-1/
reference_id	USN-8003-1
reference_type
scores
url	https://usn.ubuntu.com/8003-1/

fixed_packages

url pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.2%2B10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-21925

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mt9c-tby1-wqe9

url VCID-nxx8-nehy-qyhg

vulnerability_id VCID-nxx8-nehy-qyhg

summary openjdk: Enhance Path Factories (Oracle CPU 2025-10)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53066.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53066.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-53066

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.17286
published_at	2026-04-02T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17019
published_at	2026-04-24T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17073
published_at	2026-04-16T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17078
published_at	2026-04-18T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17113
published_at	2026-04-21T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17335
published_at	2026-04-04T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17115
published_at	2026-04-07T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17207
published_at	2026-04-08T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17263
published_at	2026-04-09T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17241
published_at	2026-04-11T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17193
published_at	2026-04-12T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17132
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-53066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944
reference_id	1118944
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2403063
reference_id	2403063
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2403063

reference_url

https://www.oracle.com/security-alerts/cpuoct2025.html

reference_id

cpuoct2025.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T19:44:34Z/

url

https://www.oracle.com/security-alerts/cpuoct2025.html

reference_url	https://access.redhat.com/errata/RHSA-2025:18814
reference_id	RHSA-2025:18814
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18814

reference_url	https://access.redhat.com/errata/RHSA-2025:18815
reference_id	RHSA-2025:18815
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18815

reference_url	https://access.redhat.com/errata/RHSA-2025:18816
reference_id	RHSA-2025:18816
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18816

reference_url	https://access.redhat.com/errata/RHSA-2025:18817
reference_id	RHSA-2025:18817
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18817

reference_url	https://access.redhat.com/errata/RHSA-2025:18818
reference_id	RHSA-2025:18818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18818

reference_url	https://access.redhat.com/errata/RHSA-2025:18819
reference_id	RHSA-2025:18819
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18819

reference_url	https://access.redhat.com/errata/RHSA-2025:18820
reference_id	RHSA-2025:18820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18820

reference_url	https://access.redhat.com/errata/RHSA-2025:18821
reference_id	RHSA-2025:18821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18821

reference_url	https://access.redhat.com/errata/RHSA-2025:18822
reference_id	RHSA-2025:18822
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18822

reference_url	https://access.redhat.com/errata/RHSA-2025:18823
reference_id	RHSA-2025:18823
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18823

reference_url	https://access.redhat.com/errata/RHSA-2025:18824
reference_id	RHSA-2025:18824
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18824

reference_url	https://access.redhat.com/errata/RHSA-2025:18825
reference_id	RHSA-2025:18825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18825

reference_url	https://access.redhat.com/errata/RHSA-2025:18826
reference_id	RHSA-2025:18826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18826

reference_url	https://access.redhat.com/errata/RHSA-2025:21485
reference_id	RHSA-2025:21485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21485

reference_url	https://access.redhat.com/errata/RHSA-2025:22370
reference_id	RHSA-2025:22370
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22370

reference_url	https://access.redhat.com/errata/RHSA-2025:22672
reference_id	RHSA-2025:22672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22672

reference_url	https://usn.ubuntu.com/7881-1/
reference_id	USN-7881-1
reference_type
scores
url	https://usn.ubuntu.com/7881-1/

reference_url	https://usn.ubuntu.com/7882-1/
reference_id	USN-7882-1
reference_type
scores
url	https://usn.ubuntu.com/7882-1/

reference_url	https://usn.ubuntu.com/7883-1/
reference_id	USN-7883-1
reference_type
scores
url	https://usn.ubuntu.com/7883-1/

reference_url	https://usn.ubuntu.com/7884-1/
reference_id	USN-7884-1
reference_type
scores
url	https://usn.ubuntu.com/7884-1/

reference_url	https://usn.ubuntu.com/7885-1/
reference_id	USN-7885-1
reference_type
scores
url	https://usn.ubuntu.com/7885-1/

reference_url	https://usn.ubuntu.com/7900-1/
reference_id	USN-7900-1
reference_type
scores
url	https://usn.ubuntu.com/7900-1/

reference_url	https://usn.ubuntu.com/7901-1/
reference_id	USN-7901-1
reference_type
scores
url	https://usn.ubuntu.com/7901-1/

reference_url	https://usn.ubuntu.com/7902-1/
reference_id	USN-7902-1
reference_type
scores
url	https://usn.ubuntu.com/7902-1/

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.1%2B8-1~deb13u1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.1%2B8-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.1%2B8-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.1%2B8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.1%252B8-1%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.2%2B10-1~deb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.2%252B10-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~5ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~5ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~7ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~7ea-2%3Fdistro=trixie

url pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

purl pkg:deb/debian/openjdk-25@25.0.3~8ea-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gha-995s-7qdg

vulnerability	VCID-57sd-8y93-qqhu

vulnerability	VCID-6r1k-8y1c-q7fm

vulnerability	VCID-jxgd-j4wr-tyb7

vulnerability	VCID-m54j-wfuk-yua7

vulnerability	VCID-sz6r-65q1-q3bh

vulnerability	VCID-xte1-h9nn-4bbk

vulnerability	VCID-zsun-4q6p-8fek

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3~8ea-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3~8ea-2%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2025-53066

risk_score 2.6

exploitability 0.5

weighted_severity 5.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nxx8-nehy-qyhg

url VCID-sz6r-65q1-q3bh

vulnerability_id VCID-sz6r-65q1-q3bh

summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22021

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11666
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22021

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460042
reference_id	2460042
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460042

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:58:16Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-22021

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6r-65q1-q3bh

url VCID-xte1-h9nn-4bbk

vulnerability_id VCID-xte1-h9nn-4bbk

summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22018

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11666
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22018

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460041
reference_id	2460041
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460041

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:52Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-22018

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xte1-h9nn-4bbk

url VCID-zsun-4q6p-8fek

vulnerability_id VCID-zsun-4q6p-8fek

summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22013

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12118
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460040
reference_id	2460040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460040

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:09:34Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-1%3Fdistro=trixie

url	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
purl	pkg:deb/debian/openjdk-25@25.0.3%2B9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

aliases CVE-2026-22013

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zsun-4q6p-8fek

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-25@25.0.3%252B9-2%3Fdistro=trixie

Package Instance