Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/196124?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/196124?format=api", "purl": "pkg:deb/debian/ironic@1:16.0.3-1", "type": "deb", "namespace": "debian", "name": "ironic", "version": "1:16.0.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:21.1.0-3+deb12u1", "latest_non_vulnerable_version": "1:35.0.1-5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74119?format=api", "vulnerability_id": "VCID-2p25-2d9m-t3cp", "summary": "In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02541", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0247", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02486", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02543", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44919" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2150332", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T13:53:26Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2150332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44919" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44919", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44919" }, { "reference_url": "https://opendev.org/openstack/ironic", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/ironic" }, { "reference_url": "https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T13:53:26Z/" } ], "url": "https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136655", "reference_id": "1136655", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136655" }, { "reference_url": "https://github.com/advisories/GHSA-4g73-w726-53h3", "reference_id": "GHSA-4g73-w726-53h3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4g73-w726-53h3" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-013.html", "reference_id": "OSSA-2026-013.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T13:53:26Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-013.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196126?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/510524?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.5-0%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.5-0%252Bdeb13u1" } ], "aliases": [ "CVE-2026-44919", "GHSA-4g73-w726-53h3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2p25-2d9m-t3cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61748?format=api", "vulnerability_id": "VCID-3p7k-r1sj-4kcm", "summary": "OpenStack Ironic: ipmitool: OpenStack Ironic: Arbitrary Code Execution via Remote Hardware Management", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42510.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42510.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08078", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0813", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08145", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08128", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42510" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2148331", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T12:35:30Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2148331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42510" }, { "reference_url": "https://github.com/openstack/ironic", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42510", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42510" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/30/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135255", "reference_id": "1135255", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135255" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463371", "reference_id": "2463371", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463371" }, { "reference_url": "https://github.com/advisories/GHSA-wqpv-c3pp-3m58", "reference_id": "GHSA-wqpv-c3pp-3m58", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wqpv-c3pp-3m58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196126?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/510524?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.5-0%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.5-0%252Bdeb13u1" } ], "aliases": [ "CVE-2026-42510", "GHSA-wqpv-c3pp-3m58" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3p7k-r1sj-4kcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55942?format=api", "vulnerability_id": "VCID-9dkb-kf24-xkdp", "summary": "OpenStack Ironic fails to verify checksums of supplied image_source URLs\nIn OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47211.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53784", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53807", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53819", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.5381", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47211" }, { "reference_url": "https://github.com/openstack/ironic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic" }, { "reference_url": "https://github.com/openstack/ironic/commit/2127cc4c93770778457fde0582c1bba258c67e02", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/2127cc4c93770778457fde0582c1bba258c67e02" }, { "reference_url": "https://github.com/openstack/ironic/commit/7a1292c569a84eb05806a57a89fca5bb6b0c4043", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/7a1292c569a84eb05806a57a89fca5bb6b0c4043" }, { "reference_url": "https://github.com/openstack/ironic/commit/ebce0fd0845de411171127a55002ae7c9605de57", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/ebce0fd0845de411171127a55002ae7c9605de57" }, { "reference_url": "https://github.com/openstack/ironic/compare/24.1.2...26.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:53:38Z/" } ], "url": "https://github.com/openstack/ironic/compare/24.1.2...26.1.0" }, { "reference_url": "https://github.com/openstack/ironic/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:53:38Z/" } ], "url": "https://github.com/openstack/ironic/security" }, { "reference_url": "https://github.com/openstack/ironic/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:53:38Z/" } ], "url": "https://github.com/openstack/ironic/tags" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:53:38Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-004.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315010", "reference_id": "2315010", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315010" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47211", "reference_id": "CVE-2024-47211", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47211" }, { "reference_url": "https://github.com/advisories/GHSA-8h22-6qwx-q4w9", "reference_id": "GHSA-8h22-6qwx-q4w9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8h22-6qwx-q4w9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8229", "reference_id": "RHSA-2024:8229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0439", "reference_id": "RHSA-2025:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3482", "reference_id": "RHSA-2025:3482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196126?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%252Bdeb12u1" } ], "aliases": [ "CVE-2024-47211", "GHSA-8h22-6qwx-q4w9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dkb-kf24-xkdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74117?format=api", "vulnerability_id": "VCID-bcmu-f24h-3yg9", "summary": "In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01374", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01377", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01382", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44916" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136005", "reference_id": "1136005", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136005" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2148307", "reference_id": "2148307", "reference_type": "", "scores": [ { "value": "3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T12:50:26Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2148307" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-012.html", "reference_id": "OSSA-2026-012.html", "reference_type": "", "scores": [ { "value": "3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T12:50:26Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-012.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196126?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/510524?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.5-0%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.5-0%252Bdeb13u1" } ], "aliases": [ "CVE-2026-44916" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcmu-f24h-3yg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61136?format=api", "vulnerability_id": "VCID-hwwu-hhkm-jkfa", "summary": "OpenStack Ironic: OpenStack Ironic: Information disclosure via credential forwarding during mold import", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42997.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42997.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01765", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02537", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02608", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02552", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42997" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42997", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42997" }, { "reference_url": "https://github.com/openstack/ironic-python-agent", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic-python-agent" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42997", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42997" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T18:38:38Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-010.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/05/05/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T18:38:38Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/05/05/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/05/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/05/10" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135811", "reference_id": "1135811", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135811" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466844", "reference_id": "2466844", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466844" }, { "reference_url": "https://github.com/advisories/GHSA-54w4-233h-x86g", "reference_id": "GHSA-54w4-233h-x86g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54w4-233h-x86g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196126?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/510524?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.5-0%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.5-0%252Bdeb13u1" } ], "aliases": [ "CVE-2026-42997", "GHSA-54w4-233h-x86g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwwu-hhkm-jkfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74108?format=api", "vulnerability_id": "VCID-jv92-qsda-dqhp", "summary": "In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44082.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-44082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50977", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51022", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51027", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51007", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-44082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44082" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2071740", "reference_id": "2071740", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T13:24:10Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2071740" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309331", "reference_id": "2309331", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309331" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/09/04/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T13:24:10Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/09/04/4" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-003.html", "reference_id": "OSSA-2024-003.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T13:24:10Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-003.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7594", "reference_id": "RHSA-2024:7594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8235", "reference_id": "RHSA-2024:8235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9982", "reference_id": "RHSA-2024:9982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0204", "reference_id": "RHSA-2025:0204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0204" }, { "reference_url": "https://usn.ubuntu.com/6989-1/", "reference_id": "USN-6989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196126?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%252Bdeb12u1" } ], "aliases": [ "CVE-2024-44082" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jv92-qsda-dqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/373315?format=api", "vulnerability_id": "VCID-ngq5-5br7-dyaz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-50589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11385", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11267", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1135", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12037", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-50589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50589" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138908", "reference_id": "1138908", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138908" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2154288", "reference_id": "2154288", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-05T20:12:25Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2154288" }, { "reference_url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0099", "reference_id": "OSSN-0099", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-05T20:12:25Z/" } ], "url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0099" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196126?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/510524?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.5-0%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.5-0%252Bdeb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1152767?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-5" } ], "aliases": [ "CVE-2026-50589" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngq5-5br7-dyaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37055?format=api", "vulnerability_id": "VCID-pqfj-a8pk-2fbx", "summary": "OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be written to the target node disk. This is difficult to exploit in practice, because a node deployed in this manner should never reach the ACTIVE state, but it still represents a danger in environments running with non-default, insecure configurations such as with automated cleaning disabled. The fixed versions are 24.1.3, 26.1.1, and 29.0.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-44021.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-44021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-44021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19253", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19373", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19369", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19324", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-44021" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2107847", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:20:27Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2107847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-44021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-44021" }, { "reference_url": "https://github.com/openstack/ironic", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic" }, { "reference_url": "https://github.com/openstack/ironic/commit/10590b36f541130f6a5d7a49da0f095ff8390cce", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/10590b36f541130f6a5d7a49da0f095ff8390cce" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ironic/PYSEC-2025-38.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ironic/PYSEC-2025-38.yaml" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2025-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:20:27Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2025-001.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/05/08/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/05/08/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104964", "reference_id": "1104964", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364264", "reference_id": "2364264", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364264" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44021", "reference_id": "CVE-2025-44021", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44021" }, { "reference_url": "https://github.com/advisories/GHSA-q3m2-crgq-5p3q", "reference_id": "GHSA-q3m2-crgq-5p3q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q3m2-crgq-5p3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196126?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%252Bdeb12u1" } ], "aliases": [ "CVE-2025-44021", "GHSA-q3m2-crgq-5p3q", "PYSEC-2025-38" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqfj-a8pk-2fbx" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:16.0.3-1" }