Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/mercurial@4.4-rc

Type pypi

Namespace

Name mercurial

Version 4.4-rc

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.9

Latest_non_vulnerable_version 4.9

Affected_by_vulnerabilities

url VCID-1kmd-1kun-qbdd

vulnerability_id VCID-1kmd-1kun-qbdd

summary The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:2276

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2276

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13346.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13346.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-13346

reference_id

reference_type

scores

value	0.00267
scoring_system	epss
scoring_elements	0.50228
published_at	2026-04-16T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50229
published_at	2026-04-18T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50184
published_at	2026-04-13T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57313
published_at	2026-04-01T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57442
published_at	2026-04-12T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57465
published_at	2026-04-11T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57449
published_at	2026-04-09T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57447
published_at	2026-04-08T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57394
published_at	2026-04-07T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57418
published_at	2026-04-04T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57395
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-13346

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13346
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13346

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url

https://www.mercurial-scm.org/repo/hg/rev/faa924469635

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/repo/hg/rev/faa924469635

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1594090
reference_id	1594090
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1594090

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
reference_id	901050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial::::::::
reference_id	cpe:2.3:a:mercurial:mercurial::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-13346

reference_id

CVE-2018-13346

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-13346

reference_url

https://github.com/advisories/GHSA-9xv4-r2hf-26gh

reference_id

GHSA-9xv4-r2hf-26gh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9xv4-r2hf-26gh

fixed_packages

url pkg:pypi/mercurial@4.6.1

purl pkg:pypi/mercurial@4.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-t9gd-va4q-a3ga

vulnerability	VCID-z346-9s62-afaz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1

aliases CVE-2018-13346, GHSA-9xv4-r2hf-26gh, PYSEC-2018-88

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kmd-1kun-qbdd

url VCID-bahp-n5dx-2qeg

vulnerability_id VCID-bahp-n5dx-2qeg

summary Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:2276

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2276

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000132.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000132.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000132

reference_id

reference_type

scores

value	0.006
scoring_system	epss
scoring_elements	0.69438
published_at	2026-04-13T12:55:00Z

value	0.006
scoring_system	epss
scoring_elements	0.69476
published_at	2026-04-16T12:55:00Z

value	0.006
scoring_system	epss
scoring_elements	0.69487
published_at	2026-04-18T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.73756
published_at	2026-04-11T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.73734
published_at	2026-04-09T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.73738
published_at	2026-04-12T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.7369
published_at	2026-04-02T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.73681
published_at	2026-04-01T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.73714
published_at	2026-04-04T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.73686
published_at	2026-04-07T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.73721
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000132

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000132
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000132

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1553265
reference_id	1553265
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1553265

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892964
reference_id	892964
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892964

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000132

reference_id

CVE-2018-1000132

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000132

reference_url

https://github.com/advisories/GHSA-4mr4-7vjv-9hm6

reference_id

GHSA-4mr4-7vjv-9hm6

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4mr4-7vjv-9hm6

fixed_packages

url pkg:pypi/mercurial@4.5.1

purl pkg:pypi/mercurial@4.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kmd-1kun-qbdd

vulnerability	VCID-hhwu-knps-qqfw

vulnerability	VCID-t9gd-va4q-a3ga

vulnerability	VCID-v91s-ety2-x7au

vulnerability	VCID-z346-9s62-afaz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.5.1

aliases CVE-2018-1000132, GHSA-4mr4-7vjv-9hm6, PYSEC-2018-87

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bahp-n5dx-2qeg

url VCID-hhwu-knps-qqfw

vulnerability_id VCID-hhwu-knps-qqfw

summary mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:2276

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2276

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13347.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13347.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-13347

reference_id

reference_type

scores

value	0.01158
scoring_system	epss
scoring_elements	0.78599
published_at	2026-04-18T12:55:00Z

value	0.01158
scoring_system	epss
scoring_elements	0.78574
published_at	2026-04-09T12:55:00Z

value	0.01158
scoring_system	epss
scoring_elements	0.78523
published_at	2026-04-01T12:55:00Z

value	0.01158
scoring_system	epss
scoring_elements	0.7856
published_at	2026-04-04T12:55:00Z

value	0.01158
scoring_system	epss
scoring_elements	0.786
published_at	2026-04-16T12:55:00Z

value	0.01158
scoring_system	epss
scoring_elements	0.78572
published_at	2026-04-13T12:55:00Z

value	0.01158
scoring_system	epss
scoring_elements	0.7858
published_at	2026-04-12T12:55:00Z

value	0.01158
scoring_system	epss
scoring_elements	0.7853
published_at	2026-04-02T12:55:00Z

value	0.01158
scoring_system	epss
scoring_elements	0.78569
published_at	2026-04-08T12:55:00Z

value	0.01158
scoring_system	epss
scoring_elements	0.78543
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-13347

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13347
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13347

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url

https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A

reference_url

https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1594087
reference_id	1594087
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1594087

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
reference_id	901050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial::::::::
reference_id	cpe:2.3:a:mercurial:mercurial::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-13347

reference_id

CVE-2018-13347

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-13347

reference_url

https://github.com/advisories/GHSA-3mjj-mr4f-qxmx

reference_id

GHSA-3mjj-mr4f-qxmx

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3mjj-mr4f-qxmx

fixed_packages

url pkg:pypi/mercurial@4.6.1

purl pkg:pypi/mercurial@4.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-t9gd-va4q-a3ga

vulnerability	VCID-z346-9s62-afaz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1

aliases CVE-2018-13347, GHSA-3mjj-mr4f-qxmx, PYSEC-2018-89

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhwu-knps-qqfw

url VCID-nruh-my9y-jqfj

vulnerability_id VCID-nruh-my9y-jqfj

summary In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17458.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17458.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-17458

reference_id

reference_type

scores

value	0.17249
scoring_system	epss
scoring_elements	0.95044
published_at	2026-04-18T12:55:00Z

value	0.17249
scoring_system	epss
scoring_elements	0.95041
published_at	2026-04-16T12:55:00Z

value	0.17249
scoring_system	epss
scoring_elements	0.95032
published_at	2026-04-13T12:55:00Z

value	0.17249
scoring_system	epss
scoring_elements	0.95029
published_at	2026-04-12T12:55:00Z

value	0.17249
scoring_system	epss
scoring_elements	0.95028
published_at	2026-04-11T12:55:00Z

value	0.17249
scoring_system	epss
scoring_elements	0.95022
published_at	2026-04-09T12:55:00Z

value	0.17249
scoring_system	epss
scoring_elements	0.95018
published_at	2026-04-08T12:55:00Z

value	0.17249
scoring_system	epss
scoring_elements	0.9501
published_at	2026-04-07T12:55:00Z

value	0.17249
scoring_system	epss
scoring_elements	0.95007
published_at	2026-04-04T12:55:00Z

value	0.17249
scoring_system	epss
scoring_elements	0.95006
published_at	2026-04-02T12:55:00Z

value	0.17249
scoring_system	epss
scoring_elements	0.94996
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-17458

reference_url

https://bz.mercurial-scm.org/show_bug.cgi?id=5730

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bz.mercurial-scm.org/show_bug.cgi?id=5730

reference_url

https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17458
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17458

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dscho/hg

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/dscho/hg

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-90.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-90.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url

https://web.archive.org/web/20200227132808/http://www.securityfocus.com/bid/102926

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227132808/http://www.securityfocus.com/bid/102926

reference_url

https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29

reference_url	http://www.securityfocus.com/bid/102926
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102926

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1509868
reference_id	1509868
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1509868

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial::::::::
reference_id	cpe:2.3:a:mercurial:mercurial::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-17458

reference_id

CVE-2017-17458

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-17458

reference_url

https://github.com/advisories/GHSA-6v56-cpg6-3rpx

reference_id

GHSA-6v56-cpg6-3rpx

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6v56-cpg6-3rpx

fixed_packages

url pkg:pypi/mercurial@4.4.1

purl pkg:pypi/mercurial@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kmd-1kun-qbdd

vulnerability	VCID-bahp-n5dx-2qeg

vulnerability	VCID-hhwu-knps-qqfw

vulnerability	VCID-t9gd-va4q-a3ga

vulnerability	VCID-v91s-ety2-x7au

vulnerability	VCID-z346-9s62-afaz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.4.1

aliases CVE-2017-17458, GHSA-6v56-cpg6-3rpx, PYSEC-2017-90

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nruh-my9y-jqfj

url VCID-t9gd-va4q-a3ga

vulnerability_id VCID-t9gd-va4q-a3ga

summary cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17983.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17983.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17983

reference_id

reference_type

scores

value	0.00448
scoring_system	epss
scoring_elements	0.63578
published_at	2026-04-18T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63448
published_at	2026-04-01T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63508
published_at	2026-04-02T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63535
published_at	2026-04-13T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.635
published_at	2026-04-07T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63551
published_at	2026-04-08T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63569
published_at	2026-04-12T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63585
published_at	2026-04-11T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63571
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17983

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17983
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17983

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml

reference_url

https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1637556
reference_id	1637556
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1637556

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17983

reference_id

CVE-2018-17983

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17983

reference_url

https://github.com/advisories/GHSA-p575-cf9h-wv42

reference_id

GHSA-p575-cf9h-wv42

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p575-cf9h-wv42

reference_url	https://usn.ubuntu.com/5102-1/
reference_id	USN-5102-1
reference_type
scores
url	https://usn.ubuntu.com/5102-1/

reference_url	https://usn.ubuntu.com/USN-5102-2/
reference_id	USN-USN-5102-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5102-2/

fixed_packages

url pkg:pypi/mercurial@4.7.2

purl pkg:pypi/mercurial@4.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-z346-9s62-afaz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.7.2

aliases CVE-2018-17983, GHSA-p575-cf9h-wv42, PYSEC-2018-91

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9gd-va4q-a3ga

url VCID-v91s-ety2-x7au

vulnerability_id VCID-v91s-ety2-x7au

summary The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13348.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13348.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-13348

reference_id

reference_type

scores

value	0.00613
scoring_system	epss
scoring_elements	0.69886
published_at	2026-04-18T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69773
published_at	2026-04-01T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69785
published_at	2026-04-02T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69801
published_at	2026-04-04T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69777
published_at	2026-04-07T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69825
published_at	2026-04-08T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.6984
published_at	2026-04-09T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69863
published_at	2026-04-11T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69849
published_at	2026-04-12T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69834
published_at	2026-04-13T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69876
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-13348

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13348
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13348

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url

https://www.mercurial-scm.org/repo/hg/rev/90a274965de7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/repo/hg/rev/90a274965de7

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1594083
reference_id	1594083
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1594083

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
reference_id	901050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial::::::::
reference_id	cpe:2.3:a:mercurial:mercurial::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-13348

reference_id

CVE-2018-13348

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-13348

reference_url

https://github.com/advisories/GHSA-3v62-ww8w-758m

reference_id

GHSA-3v62-ww8w-758m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3v62-ww8w-758m

fixed_packages

url pkg:pypi/mercurial@4.6.1

purl pkg:pypi/mercurial@4.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-t9gd-va4q-a3ga

vulnerability	VCID-z346-9s62-afaz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1

aliases CVE-2018-13348, GHSA-3v62-ww8w-758m, PYSEC-2018-90

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v91s-ety2-x7au

url VCID-z346-9s62-afaz

vulnerability_id VCID-z346-9s62-afaz

summary A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3902

reference_id

reference_type

scores

value	0.00531
scoring_system	epss
scoring_elements	0.67313
published_at	2026-04-18T12:55:00Z

value	0.00531
scoring_system	epss
scoring_elements	0.67252
published_at	2026-04-04T12:55:00Z

value	0.00531
scoring_system	epss
scoring_elements	0.67265
published_at	2026-04-13T12:55:00Z

value	0.00531
scoring_system	epss
scoring_elements	0.673
published_at	2026-04-16T12:55:00Z

value	0.00531
scoring_system	epss
scoring_elements	0.67314
published_at	2026-04-11T12:55:00Z

value	0.00531
scoring_system	epss
scoring_elements	0.67294
published_at	2026-04-09T12:55:00Z

value	0.00531
scoring_system	epss
scoring_elements	0.67191
published_at	2026-04-01T12:55:00Z

value	0.00531
scoring_system	epss
scoring_elements	0.67229
published_at	2026-04-07T12:55:00Z

value	0.00531
scoring_system	epss
scoring_elements	0.67281
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3902

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url

https://usn.ubuntu.com/4086-1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4086-1

reference_url	https://usn.ubuntu.com/4086-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4086-1/

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1696025
reference_id	1696025
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1696025

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
reference_id	927674
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3902

reference_id

CVE-2019-3902

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3902

reference_url

https://github.com/advisories/GHSA-mq66-vcfc-8246

reference_id

GHSA-mq66-vcfc-8246

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mq66-vcfc-8246

reference_url	https://usn.ubuntu.com/5102-1/
reference_id	USN-5102-1
reference_type
scores
url	https://usn.ubuntu.com/5102-1/

reference_url	https://usn.ubuntu.com/USN-5102-2/
reference_id	USN-USN-5102-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5102-2/

fixed_packages

url	pkg:pypi/mercurial@4.9
purl	pkg:pypi/mercurial@4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.9

aliases CVE-2019-3902, GHSA-mq66-vcfc-8246, PYSEC-2019-188

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z346-9s62-afaz

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.4-rc

Package Instance