Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1088726?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "pypy3", "version": "7.3.21+dfsg-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0", "latest_non_vulnerable_version": "7.3.22+dfsg-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66415?format=api", "vulnerability_id": "VCID-1uk5-6yqb-dyb5", "summary": "cpython: Out-of-memory when loading Plist", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07029", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10713", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10652", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10619", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10621", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10668", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10539", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10522", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10659", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10683", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10701", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10643", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1057", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126782", "reference_id": "1126782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126782" }, { "reference_url": "https://github.com/python/cpython/issues/119342", "reference_id": "119342", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/issues/119342" }, { "reference_url": "https://github.com/python/cpython/pull/119343", "reference_id": "119343", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/pull/119343" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084", "reference_id": "2418084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/", "reference_id": "2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/" }, { "reference_url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036", "reference_id": "568342cfc8f002d9a15f30238f26b9d2e0e79036", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036" }, { "reference_url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b", "reference_id": "5a8b19677d818fb41ee55f310233772e15aa1a2b", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b" }, { "reference_url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70", "reference_id": "694922cf40aa3a28f898b5f5ee08b71b4922df70", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70" }, { "reference_url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba", "reference_id": "71fa8eb8233b37f16c88b6e3e583b461b205d1ba", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba" }, { "reference_url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb", "reference_id": "b64441e4852383645af5b435411a6f849dd1b4cb", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb" }, { "reference_url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111", "reference_id": "cefee7d118a26ef6cd43db59bb9d98ca9a331111", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-13837" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1uk5-6yqb-dyb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64940?format=api", "vulnerability_id": "VCID-8b19-pezx-6bcd", "summary": "cpython: wsgiref.headers.Headers allows header newline injection in Python", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32822", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32327", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3241", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32526", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32709", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32731", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32692", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32679", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32727", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32858", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32719", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32755", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32753", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126739", "reference_id": "1126739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126739" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126740", "reference_id": "1126740", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126740" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126741", "reference_id": "1126741", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126741" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126742", "reference_id": "1126742", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126742" }, { "reference_url": "https://github.com/python/cpython/issues/143916", "reference_id": "143916", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/issues/143916" }, { "reference_url": "https://github.com/python/cpython/pull/143917", "reference_id": "143917", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/pull/143917" }, { "reference_url": "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58", "reference_id": "22e4d55285cee52bc4dbe061324e5f30bd4dee58", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58" }, { "reference_url": "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510", "reference_id": "23e3c0ae867cca0130e441e776c9955b9027c510", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431367", "reference_id": "2431367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431367" }, { "reference_url": "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f", "reference_id": "286e3ac39984fe85a17f4ab39c64d382137aae5f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f" }, { "reference_url": "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2", "reference_id": "2f840249550e082dc351743f474ba56da10478d2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2" }, { "reference_url": "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5", "reference_id": "4802b96a2cde58570c24c13ef3289490980961c5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5" }, { "reference_url": "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6", "reference_id": "66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6" }, { "reference_url": "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff", "reference_id": "83ecd18779f286d872f68bfce175651e407d9fff", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff" }, { "reference_url": "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97", "reference_id": "8bb044d29310bb05d15086cdaa8bf64867d61a97", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97" }, { "reference_url": "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf", "reference_id": "bfba660085767f8c2d582134e9d511a85eda04cf", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/", "reference_id": "BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/" }, { "reference_url": "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219", "reference_id": "c592227ffb48679af9845a45dbb0875d975bb219", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219" }, { "reference_url": "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995", "reference_id": "e4846a93ac07a8ae9aa18203af0dd13d6e7a6995", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995" }, { "reference_url": "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211", "reference_id": "f7fceed79ca1bceae8dbe5ba5bc8928564da7211", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2128", "reference_id": "RHSA-2026:2128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4168", "reference_id": "RHSA-2026:4168", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4168" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4463", "reference_id": "RHSA-2026:4463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4473", "reference_id": "RHSA-2026:4473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4713", "reference_id": "RHSA-2026:4713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4943", "reference_id": "RHSA-2026:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6253", "reference_id": "RHSA-2026:6253", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6253" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" }, { "reference_url": "https://usn.ubuntu.com/8018-2/", "reference_id": "USN-8018-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-2/" }, { "reference_url": "https://usn.ubuntu.com/8018-3/", "reference_id": "USN-8018-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0865" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8b19-pezx-6bcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66416?format=api", "vulnerability_id": "VCID-8dtv-379a-wqfs", "summary": "cpython: Excessive read buffering DoS in http.client", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13836.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.2743", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41613", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41585", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41406", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41411", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41518", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4162", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41574", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41599", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41589", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41539", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126783", "reference_id": "1126783", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126783" }, { "reference_url": "https://github.com/python/cpython/issues/119451", "reference_id": "119451", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/issues/119451" }, { "reference_url": "https://github.com/python/cpython/pull/119454", "reference_id": "119454", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/pull/119454" }, { "reference_url": "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628", "reference_id": "14b1fdb0a94b96f86fc7b86671ea9582b8676628", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418078", "reference_id": "2418078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418078" }, { "reference_url": "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15", "reference_id": "289f29b0fe38baf2d7cb5854f4bb573cc34a6a15", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15" }, { "reference_url": "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155", "reference_id": "4ce27904b597c77d74dd93f2c912676021a99155", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155" }, { "reference_url": "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5", "reference_id": "5a4c4a033a4a54481be6870aa1896fad732555b5", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5" }, { "reference_url": "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0", "reference_id": "5dc101675fd22918facbbe0fecdc821502beaaf0", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0" }, { "reference_url": "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c", "reference_id": "afc40bdd3dd71f343fd9016f6d8eebbacbd6587c", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/", "reference_id": "OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1374", "reference_id": "RHSA-2026:1374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1408", "reference_id": "RHSA-2026:1408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1410", "reference_id": "RHSA-2026:1410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1736", "reference_id": "RHSA-2026:1736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1828", "reference_id": "RHSA-2026:1828", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1892", "reference_id": "RHSA-2026:1892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1893", "reference_id": "RHSA-2026:1893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1922", "reference_id": "RHSA-2026:1922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2084", "reference_id": "RHSA-2026:2084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2233", "reference_id": "RHSA-2026:2233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2419", "reference_id": "RHSA-2026:2419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2563", "reference_id": "RHSA-2026:2563", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2563" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3897", "reference_id": "RHSA-2026:3897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3900", "reference_id": "RHSA-2026:3900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4943", "reference_id": "RHSA-2026:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/7951-1/", "reference_id": "USN-7951-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7951-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936192?format=api", "purl": "pkg:deb/debian/pypy3@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936179?format=api", "purl": "pkg:deb/debian/pypy3@7.3.5%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-2v5u-2z4w-ffgx" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8hug-fhhb-sbgt" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-a8mv-mr3q-vygz" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-bqp2-x383-xqfh" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-qwhz-912b-8kh5" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.5%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-13836" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dtv-379a-wqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64939?format=api", "vulnerability_id": "VCID-94n7-6q4s-3udv", "summary": "cpython: Header injection via newlines in data URL mediatype in Python", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15282.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13418", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13742", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13544", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13624", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13676", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13646", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13472", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13543", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13527", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0", "reference_id": "05356b1cc153108aaf27f3b72ce438af4aa218c0", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126779", "reference_id": "1126779", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126779" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126780", "reference_id": "1126780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126780" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126781", "reference_id": "1126781", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126781" }, { "reference_url": "https://github.com/python/cpython/issues/143925", "reference_id": "143925", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/issues/143925" }, { "reference_url": "https://github.com/python/cpython/pull/143926", "reference_id": "143926", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/pull/143926" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366", "reference_id": "2431366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366" }, { "reference_url": "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38", "reference_id": "34d76b00dabde81a793bd06dd8ecb057838c4b38", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38" }, { "reference_url": "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80", "reference_id": "3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80" }, { "reference_url": "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47", "reference_id": "4ed11d3cd288e6b90196a15c5a825a45d318fe47", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47" }, { "reference_url": "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a", "reference_id": "a35ca3be5842505dab74dc0b90b89cde0405017a", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a" }, { "reference_url": "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f", "reference_id": "f25509e78e8be6ea73c811ac2b8c928c28841b9f", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" }, { "reference_url": "https://usn.ubuntu.com/8018-3/", "reference_id": "USN-8018-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-3/" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/", "reference_id": "X66HL7SISGJT33J53OHXMZT4DFLMHVKF", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-15282" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94n7-6q4s-3udv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64945?format=api", "vulnerability_id": "VCID-bn83-d2qp-9bfy", "summary": "cpython: Missing character filtering in Python", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11468.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11468.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11821", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11561", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11863", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11649", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11734", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11787", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11797", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11759", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11733", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11597", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11595", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11718", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11676", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11637", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11468" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094", "reference_id": "003b8315669b9f08b1010a49071f73f15f818094", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126786", "reference_id": "1126786", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126787", "reference_id": "1126787", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126787" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126788", "reference_id": "1126788", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126788" }, { "reference_url": "https://github.com/python/cpython/issues/143935", "reference_id": "143935", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/issues/143935" }, { "reference_url": "https://github.com/python/cpython/pull/143936", "reference_id": "143936", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/pull/143936" }, { "reference_url": "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2", "reference_id": "17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431375", "reference_id": "2431375", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431375" }, { "reference_url": "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6", "reference_id": "61614a5e5056e4f61ced65008d4576f3df34acb6", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6" }, { "reference_url": "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66", "reference_id": "a76e4cd62dd68e7cbe86e37e6ed988495a646b66", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66" }, { "reference_url": "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0", "reference_id": "e9970f077240c7c670e8a6fc6662f2b30d3b6ad0", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0" }, { "reference_url": "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796", "reference_id": "f738386838021c762efea6c9802c82de65e87796", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/", "reference_id": "FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-11468" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn83-d2qp-9bfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69414?format=api", "vulnerability_id": "VCID-emaw-jmek-9bcy", "summary": "cpython: Python HTMLParser quadratic complexity", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6069.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51588", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.5389", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53842", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53844", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53818", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53792", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53873", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75166", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75086", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75123", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.7513", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.7512", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75159", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75162", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109376", "reference_id": "1109376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109376" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118430", "reference_id": "1118430", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118430" }, { "reference_url": "https://github.com/python/cpython/issues/135462", "reference_id": "135462", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/issues/135462" }, { "reference_url": "https://github.com/python/cpython/pull/135464", "reference_id": "135464", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/pull/135464" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234", "reference_id": "2373234", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234" }, { "reference_url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949", "reference_id": "4455cbabf991e202185a25a631af206f60bbc949", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949" }, { "reference_url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41", "reference_id": "6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41" }, { "reference_url": "https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49", "reference_id": "8d1b3dfa09135affbbf27fb8babcf3c11415df49", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49" }, { "reference_url": "https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5", "reference_id": "ab0893fd5c579d9cea30841680e6d35fc478afb5", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5" }, { "reference_url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b", "reference_id": "d851f8e258c7328814943e923a7df81bca15df4b", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b" }, { "reference_url": "https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc", "reference_id": "f3c6f882cddc8dc30320d2e73edf019e201394fc", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc" }, { "reference_url": "https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15", "reference_id": "fdc9d214c01cb4588f540cfa03726bbf2a33fc15", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/", "reference_id": "K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23342", "reference_id": "RHSA-2025:23342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1858", "reference_id": "RHSA-2026:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1858" }, { "reference_url": "https://usn.ubuntu.com/7710-1/", "reference_id": "USN-7710-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7710-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936179?format=api", "purl": "pkg:deb/debian/pypy3@7.3.5%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-2v5u-2z4w-ffgx" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8hug-fhhb-sbgt" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-a8mv-mr3q-vygz" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-bqp2-x383-xqfh" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-qwhz-912b-8kh5" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.5%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936202?format=api", "purl": "pkg:deb/debian/pypy3@7.3.5%2Bdfsg-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.5%252Bdfsg-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-6069" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emaw-jmek-9bcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66621?format=api", "vulnerability_id": "VCID-fcsb-dn49-47gy", "summary": "python: Quadratic complexity in os.path.expandvars() with user-controlled template", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05661", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05701", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0576", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05734", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05694", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08429", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08536", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08553", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08574", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08541", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08587", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08414", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08938", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777", "reference_id": "1126777", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777" }, { "reference_url": "https://github.com/python/cpython/issues/136065", "reference_id": "136065", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/issues/136065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891", "reference_id": "2408891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891" }, { "reference_url": "https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c", "reference_id": "2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c" }, { "reference_url": "https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427", "reference_id": "5dceb93486176e6b4a6d9754491005113eb23427", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427" }, { "reference_url": "https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84", "reference_id": "631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84" }, { "reference_url": "https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca", "reference_id": "892747b4cf0f95ba8beb51c0d0658bfaa381ebca", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca" }, { "reference_url": "https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742", "reference_id": "9ab89c026aa9611c4b0b67c288b8303a480fe742", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742" }, { "reference_url": "https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba", "reference_id": "c8a5f3435c342964e0a432cc9fb448b7dbecd1ba", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba" }, { "reference_url": "https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c", "reference_id": "f029e8db626ddc6e3a3beea4eff511a71aaceb5c", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/", "reference_id": "IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23342", "reference_id": "RHSA-2025:23342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/7886-1/", "reference_id": "USN-7886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7886-1/" }, { "reference_url": "https://usn.ubuntu.com/7886-2/", "reference_id": "USN-7886-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7886-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-6075" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fcsb-dn49-47gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64889?format=api", "vulnerability_id": "VCID-kn9b-2gxw-gqgx", "summary": "cpython: email header injection due to unquoted newlines", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1299.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1299.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1299", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13418", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13742", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13544", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13624", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13676", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13646", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13472", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13543", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13527", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413", "reference_id": "052e55e7d44718fe46cbba0ca995cb8fcc359413", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413" }, { "reference_url": "https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8", "reference_id": "0a925ab591c45d6638f37b5e57796f36fa0e56d8", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126744", "reference_id": "1126744", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126745", "reference_id": "1126745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126745" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126746", "reference_id": "1126746", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126746" }, { "reference_url": "https://github.com/python/cpython/issues/144125", "reference_id": "144125", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/issues/144125" }, { "reference_url": "https://github.com/python/cpython/pull/144126", "reference_id": "144126", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/pull/144126" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432437", "reference_id": "2432437", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432437" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/", "reference_id": "6ZZULGALJTITEAGEXLDJE2C6FORDXPBT", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/" }, { "reference_url": "https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9", "reference_id": "7877fe424415bc4a13045e62a90a7277413d8cb9", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9" }, { "reference_url": "https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4", "reference_id": "842ce19a0c0b58d61591e8f6a708c38db1fb94e4", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4" }, { "reference_url": "https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36", "reference_id": "8cdf6204f4ae821f32993f8fc6bad0d318f95f36", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36" }, { "reference_url": "https://cve.org/CVERecord?id=CVE-2024-6923", "reference_id": "CVERecord?id=CVE-2024-6923", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://cve.org/CVERecord?id=CVE-2024-6923" }, { "reference_url": "https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a", "reference_id": "e417f05ad77a4c30ddc07f99e90fc0cef43e831a", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2128", "reference_id": "RHSA-2026:2128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4165", "reference_id": "RHSA-2026:4165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4168", "reference_id": "RHSA-2026:4168", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4168" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4216", "reference_id": "RHSA-2026:4216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4463", "reference_id": "RHSA-2026:4463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4473", "reference_id": "RHSA-2026:4473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4713", "reference_id": "RHSA-2026:4713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4746", "reference_id": "RHSA-2026:4746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4943", "reference_id": "RHSA-2026:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5152", "reference_id": "RHSA-2026:5152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5215", "reference_id": "RHSA-2026:5215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5216", "reference_id": "RHSA-2026:5216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5218", "reference_id": "RHSA-2026:5218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5219", "reference_id": "RHSA-2026:5219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5221", "reference_id": "RHSA-2026:5221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5223", "reference_id": "RHSA-2026:5223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5225", "reference_id": "RHSA-2026:5225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5226", "reference_id": "RHSA-2026:5226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5315", "reference_id": "RHSA-2026:5315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5399", "reference_id": "RHSA-2026:5399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6008", "reference_id": "RHSA-2026:6008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6253", "reference_id": "RHSA-2026:6253", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6253" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6464", "reference_id": "RHSA-2026:6464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7329", "reference_id": "RHSA-2026:7329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-1299" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kn9b-2gxw-gqgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68453?format=api", "vulnerability_id": "VCID-mtk7-qut6-syd8", "summary": "cpython: Cpython infinite loop when parsing a tarfile", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8194.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8194.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3921", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39174", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39211", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.392", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39129", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40883", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45951", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45957", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45905", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48132", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49038", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49072", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49082", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124764", "reference_id": "1124764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124764" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126758", "reference_id": "1126758", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126758" }, { "reference_url": "https://github.com/python/cpython/issues/130577", "reference_id": "130577", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/issues/130577" }, { "reference_url": "https://github.com/python/cpython/pull/137027", "reference_id": "137027", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/pull/137027" }, { "reference_url": "https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1", "reference_id": "1716ac5b82b73dbcbf23ad2eff8b33e1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043", "reference_id": "2384043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043" }, { "reference_url": "https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2", "reference_id": "57f5981d6260ed21266e0c26951b8564cc252bc2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2" }, { "reference_url": "https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38", "reference_id": "7040aa54f14676938970e10c5f74ea93cd56aa38", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38" }, { "reference_url": "https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19", "reference_id": "73f03e4808206f71eb6b92c579505a220942ef19", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19" }, { "reference_url": "https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb", "reference_id": "b4ec17488eedec36d3c05fec127df71c0071f6cb", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb" }, { "reference_url": "https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f", "reference_id": "c9d9f78feb1467e73fd29356c040bde1c104f29f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f" }, { "reference_url": "https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe", "reference_id": "cdae923ffe187d6ef916c0f665a31249619193fe", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe" }, { "reference_url": "https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227", "reference_id": "fbc2a0ca9ac8aff6887f8ddf79b87b4510277227", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14546", "reference_id": "RHSA-2025:14546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14560", "reference_id": "RHSA-2025:14560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14841", "reference_id": "RHSA-2025:14841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14900", "reference_id": "RHSA-2025:14900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14984", "reference_id": "RHSA-2025:14984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15007", "reference_id": "RHSA-2025:15007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15010", "reference_id": "RHSA-2025:15010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15019", "reference_id": "RHSA-2025:15019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15348", "reference_id": "RHSA-2025:15348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15348" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15724", "reference_id": "RHSA-2025:15724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15800", "reference_id": "RHSA-2025:15800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15968", "reference_id": "RHSA-2025:15968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16012", "reference_id": "RHSA-2025:16012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16016", "reference_id": "RHSA-2025:16016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16031", "reference_id": "RHSA-2025:16031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16062", "reference_id": "RHSA-2025:16062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16078", "reference_id": "RHSA-2025:16078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16117", "reference_id": "RHSA-2025:16117", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16117" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16118", "reference_id": "RHSA-2025:16118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16151", "reference_id": "RHSA-2025:16151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16152", "reference_id": "RHSA-2025:16152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16153", "reference_id": "RHSA-2025:16153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16262", "reference_id": "RHSA-2025:16262", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16262" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16524", "reference_id": "RHSA-2025:16524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19421", "reference_id": "RHSA-2025:19421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19422", "reference_id": "RHSA-2025:19422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19423", "reference_id": "RHSA-2025:19423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19424", "reference_id": "RHSA-2025:19424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19425", "reference_id": "RHSA-2025:19425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19426", "reference_id": "RHSA-2025:19426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19427", "reference_id": "RHSA-2025:19427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19428", "reference_id": "RHSA-2025:19428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19429", "reference_id": "RHSA-2025:19429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19430", "reference_id": "RHSA-2025:19430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19430" }, { "reference_url": "https://usn.ubuntu.com/7710-1/", "reference_id": "USN-7710-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7710-1/" }, { "reference_url": "https://usn.ubuntu.com/7710-2/", "reference_id": "USN-7710-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7710-2/" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/", "reference_id": "ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-8194" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtk7-qut6-syd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66394?format=api", "vulnerability_id": "VCID-nqqc-u8d5-8qf6", "summary": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12084.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12084.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15347", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17965", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18025", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18075", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18118", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18111", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1805", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18263", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17978", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17968", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38724", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38808", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3883", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39039", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0", "reference_id": "027f21e417b26eed4505ac2db101a4352b7c51a0", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0" }, { "reference_url": "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4", "reference_id": "08d8e18ad81cd45bc4a27d6da478b51ea49486e4", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126784", "reference_id": "1126784", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126784" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126785", "reference_id": "1126785", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126785" }, { "reference_url": "https://github.com/python/cpython/issues/142145", "reference_id": "142145", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/issues/142145" }, { "reference_url": "https://github.com/python/cpython/pull/142146", "reference_id": "142146", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/pull/142146" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418655", "reference_id": "2418655", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418655" }, { "reference_url": "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437", "reference_id": "27648a1818749ef44c420afe6173af6868715437", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437" }, { "reference_url": "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af", "reference_id": "41f468786762348960486c166833a218a0a436af", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af" }, { "reference_url": "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273", "reference_id": "57937a8e5e293f0dcba5115f7b7a11b1e0c9a273", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273" }, { "reference_url": "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907", "reference_id": "8d2d7bb2e754f8649a68ce4116271a4932f76907", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907" }, { "reference_url": "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d", "reference_id": "9c9dda6625a2a90d2a06c657eee021d6be19842d", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d" }, { "reference_url": "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8", "reference_id": "a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8" }, { "reference_url": "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8", "reference_id": "a696ba8b4d42fd632afc9bc88ad830a2e4cceed8", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8" }, { "reference_url": "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0", "reference_id": "c97e87593063d84a2bd9fe7068b30eb44de23dc0", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0" }, { "reference_url": "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964", "reference_id": "ddcd2acd85d891a53e281c773b3093f9db953964", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964" }, { "reference_url": "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53", "reference_id": "e91c11449cad34bac3ea55ee09ca557691d92b53", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0123", "reference_id": "RHSA-2026:0123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1374", "reference_id": "RHSA-2026:1374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1408", "reference_id": "RHSA-2026:1408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1410", "reference_id": "RHSA-2026:1410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1478", "reference_id": "RHSA-2026:1478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1537", "reference_id": "RHSA-2026:1537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1558", "reference_id": "RHSA-2026:1558", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1558" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1582", "reference_id": "RHSA-2026:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1583", "reference_id": "RHSA-2026:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1620", "reference_id": "RHSA-2026:1620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1620" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1631", "reference_id": "RHSA-2026:1631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1736", "reference_id": "RHSA-2026:1736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1828", "reference_id": "RHSA-2026:1828", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1892", "reference_id": "RHSA-2026:1892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1893", "reference_id": "RHSA-2026:1893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1922", "reference_id": "RHSA-2026:1922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2084", "reference_id": "RHSA-2026:2084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2233", "reference_id": "RHSA-2026:2233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2275", "reference_id": "RHSA-2026:2275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2276", "reference_id": "RHSA-2026:2276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2330", "reference_id": "RHSA-2026:2330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2391", "reference_id": "RHSA-2026:2391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2392", "reference_id": "RHSA-2026:2392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2392" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2393", "reference_id": "RHSA-2026:2393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2393" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2563", "reference_id": "RHSA-2026:2563", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2563" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2713", "reference_id": "RHSA-2026:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4943", "reference_id": "RHSA-2026:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" }, { "reference_url": "https://usn.ubuntu.com/8018-3/", "reference_id": "USN-8018-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-12084" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqqc-u8d5-8qf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64936?format=api", "vulnerability_id": "VCID-zh1r-7rzh-2bez", "summary": "cpython: Header injection in http.cookies.Morsel in Python", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0672.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36748", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36259", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36615", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36667", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36658", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36632", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36677", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36659", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36599", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36375", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36345", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126761", "reference_id": "1126761", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126762", "reference_id": "1126762", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126762" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126763", "reference_id": "1126763", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126763" }, { "reference_url": "https://github.com/python/cpython/issues/143919", "reference_id": "143919", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/issues/143919" }, { "reference_url": "https://github.com/python/cpython/pull/143920", "reference_id": "143920", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/pull/143920" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374", "reference_id": "2431374", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374" }, { "reference_url": "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172", "reference_id": "62700107418eb2cca3fc88da036a243ea975f172", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/", "reference_id": "6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/" }, { "reference_url": "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440", "reference_id": "712452e6f1d4b9f7f8c4c92ebfcaac1705faa440", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440" }, { "reference_url": "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d", "reference_id": "7852d72b653fea0199acf5fc2a84f6f8b84eba8d", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d" }, { "reference_url": "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca", "reference_id": "918387e4912d12ffc166c8f2a38df92b6ec756ca", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca" }, { "reference_url": "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70", "reference_id": "95746b3a13a985787ef53b977129041971ed7f70", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70" }, { "reference_url": "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85", "reference_id": "b1869ff648bbee0717221d09e6deff46617f3e85", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" }, { "reference_url": "https://usn.ubuntu.com/8018-3/", "reference_id": "USN-8018-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0672" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zh1r-7rzh-2bez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66934?format=api", "vulnerability_id": "VCID-znkr-fxtj-4uc7", "summary": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29659", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3014", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29954", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30015", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30049", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30055", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3001", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29961", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29977", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29956", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.2991", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29835", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29722", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431", "reference_id": "1118431", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432", "reference_id": "1118432", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432" }, { "reference_url": "https://github.com/python/cpython/issues/139700", "reference_id": "139700", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/issues/139700" }, { "reference_url": "https://github.com/python/cpython/pull/139702", "reference_id": "139702", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/pull/139702" }, { "reference_url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267", "reference_id": "162997bb70e067668c039700141770687bc8f267", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267" }, { "reference_url": "https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46", "reference_id": "1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342", "reference_id": "2402342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342" }, { "reference_url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6", "reference_id": "333d4a6f4967d3ace91492a39ededbcf3faa76a6", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6" }, { "reference_url": "https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196", "reference_id": "76437ac248ad8ca44e9bf697b02b1e2241df2196", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196" }, { "reference_url": "https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4", "reference_id": "8392b2f0d35678407d9ce7d95655a5b77de161b4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4" }, { "reference_url": "https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388", "reference_id": "bca11ae7d575d87ed93f5dd6a313be6246e3e388", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388" }, { "reference_url": "https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3", "reference_id": "d11e69d6203080e3ec450446bfed0516727b85c3", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/", "reference_id": "QECOPWMTH4VPPJAXAH2BGTA4XADOP62G", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23323", "reference_id": "RHSA-2025:23323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23342", "reference_id": "RHSA-2025:23342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23940", "reference_id": "RHSA-2025:23940", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23940" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0123", "reference_id": "RHSA-2026:0123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0353", "reference_id": "RHSA-2026:0353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0354", "reference_id": "RHSA-2026:0354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0355", "reference_id": "RHSA-2026:0355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1858", "reference_id": "RHSA-2026:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/7886-1/", "reference_id": "USN-7886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7886-1/" }, { "reference_url": "https://usn.ubuntu.com/7886-2/", "reference_id": "USN-7886-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7886-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936179?format=api", "purl": "pkg:deb/debian/pypy3@7.3.5%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-2v5u-2z4w-ffgx" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8hug-fhhb-sbgt" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-a8mv-mr3q-vygz" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-bqp2-x383-xqfh" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-qwhz-912b-8kh5" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.5%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936202?format=api", "purl": "pkg:deb/debian/pypy3@7.3.5%2Bdfsg-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.5%252Bdfsg-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088726?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-8291" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znkr-fxtj-4uc7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-1%3Fdistro=trixie" }