Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/122016?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "type": "deb", "namespace": "debian", "name": "patch", "version": "2.8-2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97575?format=api", "vulnerability_id": "VCID-1pm2-zhtr-yqda", "summary": "A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1396.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1396.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03663", "scoring_system": "epss", "scoring_elements": "0.88096", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03663", "scoring_system": "epss", "scoring_elements": "0.88117", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03663", "scoring_system": "epss", "scoring_elements": "0.8812", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1396" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764", "reference_id": "1186764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901", "reference_id": "775901", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901" }, { "reference_url": "https://usn.ubuntu.com/2651-1/", "reference_id": "USN-2651-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2651-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122017?format=api", "purl": "pkg:deb/debian/patch@2.7.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1396" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1pm2-zhtr-yqda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97582?format=api", "vulnerability_id": "VCID-6e5u-5bt9-kbdu", "summary": "GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20633.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20633.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.2974", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29808", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29771", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20633" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818934", "reference_id": "1818934", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818934" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122022?format=api", "purl": "pkg:deb/debian/patch@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-20633" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6e5u-5bt9-kbdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97574?format=api", "vulnerability_id": "VCID-8q8b-ycpu-e3ea", "summary": "Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1395.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1395.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1395", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04141", "scoring_system": "epss", "scoring_elements": "0.88847", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04141", "scoring_system": "epss", "scoring_elements": "0.88864", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1395" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490", "reference_id": "1184490", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873", "reference_id": "775873", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873" }, { "reference_url": "https://usn.ubuntu.com/2651-1/", "reference_id": "USN-2651-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2651-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122017?format=api", "purl": "pkg:deb/debian/patch@2.7.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1395" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8q8b-ycpu-e3ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97576?format=api", "vulnerability_id": "VCID-e8dg-1v5z-9fc4", "summary": "Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00878", "scoring_system": "epss", "scoring_elements": "0.75679", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00878", "scoring_system": "epss", "scoring_elements": "0.75706", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00878", "scoring_system": "epss", "scoring_elements": "0.75703", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1416" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1416" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122018?format=api", "purl": "pkg:deb/debian/patch@2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1416" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8dg-1v5z-9fc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6211?format=api", "vulnerability_id": "VCID-fuan-yz1a-jbej", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000156.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000156.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36762", "scoring_system": "epss", "scoring_elements": "0.97229", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.36762", "scoring_system": "epss", "scoring_elements": "0.97233", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.36762", "scoring_system": "epss", "scoring_elements": "0.97235", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564326", "reference_id": "1564326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564326" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894993", "reference_id": "894993", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894993" }, { "reference_url": "https://security.archlinux.org/ASA-201810-8", "reference_id": "ASA-201810-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-8" }, { "reference_url": "https://security.archlinux.org/ASA-201811-14", "reference_id": "ASA-201811-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-14" }, { "reference_url": "https://security.archlinux.org/AVG-619", "reference_id": "AVG-619", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-619" }, { "reference_url": "https://security.archlinux.org/AVG-808", "reference_id": "AVG-808", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-808" }, { "reference_url": "https://security.gentoo.org/glsa/201904-17", "reference_id": "GLSA-201904-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201904-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1199", "reference_id": "RHSA-2018:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1200", "reference_id": "RHSA-2018:1200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2091", "reference_id": "RHSA-2018:2091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2092", "reference_id": "RHSA-2018:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2093", "reference_id": "RHSA-2018:2093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2094", "reference_id": "RHSA-2018:2094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2094" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2095", "reference_id": "RHSA-2018:2095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2096", "reference_id": "RHSA-2018:2096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2097", "reference_id": "RHSA-2018:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2097" }, { "reference_url": "https://usn.ubuntu.com/3624-1/", "reference_id": "USN-3624-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3624-1/" }, { "reference_url": "https://usn.ubuntu.com/3624-2/", "reference_id": "USN-3624-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3624-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122020?format=api", "purl": "pkg:deb/debian/patch@2.7.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1000156" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fuan-yz1a-jbej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97580?format=api", "vulnerability_id": "VCID-kxps-vxqz-wqfq", "summary": "In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13636.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13636.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04327", "scoring_system": "epss", "scoring_elements": "0.89094", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04327", "scoring_system": "epss", "scoring_elements": "0.89111", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04327", "scoring_system": "epss", "scoring_elements": "0.89112", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732781", "reference_id": "1732781", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732781" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932401", "reference_id": "932401", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932401" }, { "reference_url": "https://security.gentoo.org/glsa/201908-22", "reference_id": "GLSA-201908-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1852", "reference_id": "RHSA-2020:1852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1852" }, { "reference_url": "https://usn.ubuntu.com/4071-1/", "reference_id": "USN-4071-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4071-1/" }, { "reference_url": "https://usn.ubuntu.com/4071-2/", "reference_id": "USN-4071-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4071-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122021?format=api", "purl": "pkg:deb/debian/patch@2.7.6-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13636" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kxps-vxqz-wqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97581?format=api", "vulnerability_id": "VCID-mfsr-c5z2-hfh4", "summary": "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13638.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13638.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0205", "scoring_system": "epss", "scoring_elements": "0.84188", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0205", "scoring_system": "epss", "scoring_elements": "0.84212", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0205", "scoring_system": "epss", "scoring_elements": "0.84215", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733916", "reference_id": "1733916", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733916" }, { "reference_url": "https://security.gentoo.org/glsa/201908-22", "reference_id": "GLSA-201908-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2798", "reference_id": "RHSA-2019:2798", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2964", "reference_id": "RHSA-2019:2964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3757", "reference_id": "RHSA-2019:3757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3758", "reference_id": "RHSA-2019:3758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4061", "reference_id": "RHSA-2019:4061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4061" }, { "reference_url": "https://usn.ubuntu.com/4071-1/", "reference_id": "USN-4071-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4071-1/" }, { "reference_url": "https://usn.ubuntu.com/4071-2/", "reference_id": "USN-4071-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4071-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122021?format=api", "purl": "pkg:deb/debian/patch@2.7.6-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13638" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfsr-c5z2-hfh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97573?format=api", "vulnerability_id": "VCID-qp3r-313a-juev", "summary": "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1196.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00853", "scoring_system": "epss", "scoring_elements": "0.75278", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00853", "scoring_system": "epss", "scoring_elements": "0.75308", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00853", "scoring_system": "epss", "scoring_elements": "0.75311", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154", "reference_id": "1182154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227", "reference_id": "775227", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227" }, { "reference_url": "https://usn.ubuntu.com/2651-1/", "reference_id": "USN-2651-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2651-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122015?format=api", "purl": "pkg:deb/debian/patch@2.7.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.1-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1196" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp3r-313a-juev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97577?format=api", "vulnerability_id": "VCID-t9q9-5hw4-73cs", "summary": "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10713.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67377", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67418", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67425", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10713" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545405", "reference_id": "1545405", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545405" }, { "reference_url": "https://security.archlinux.org/AVG-618", "reference_id": "AVG-618", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-618" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2033", "reference_id": "RHSA-2019:2033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2033" }, { "reference_url": "https://usn.ubuntu.com/3624-1/", "reference_id": "USN-3624-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3624-1/" }, { "reference_url": "https://usn.ubuntu.com/3624-2/", "reference_id": "USN-3624-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3624-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122019?format=api", "purl": "pkg:deb/debian/patch@2.7.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10713" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9q9-5hw4-73cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97572?format=api", "vulnerability_id": "VCID-uqw2-mt6f-quc1", "summary": "GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9637.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9637.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55292", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58627", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58634", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9637" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9637" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185262", "reference_id": "1185262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185262" }, { "reference_url": "https://usn.ubuntu.com/2651-1/", "reference_id": "USN-2651-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2651-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122015?format=api", "purl": "pkg:deb/debian/patch@2.7.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.1-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9637" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqw2-mt6f-quc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97579?format=api", "vulnerability_id": "VCID-ycqe-xdf8-x3du", "summary": "do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20969.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58773", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.5882", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58825", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1746672", "reference_id": "1746672", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1746672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2798", "reference_id": "RHSA-2019:2798", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2964", "reference_id": "RHSA-2019:2964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3757", "reference_id": "RHSA-2019:3757", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3757" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3758", "reference_id": "RHSA-2019:3758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4061", "reference_id": "RHSA-2019:4061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4061" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/122021?format=api", "purl": "pkg:deb/debian/patch@2.7.6-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122014?format=api", "purl": "pkg:deb/debian/patch@2.7.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/122016?format=api", "purl": "pkg:deb/debian/patch@2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20969" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ycqe-xdf8-x3du" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie" }