Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/313955?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "type": "apk", "namespace": "alpine", "name": "qt5-qtwebengine", "version": "5.15.17-r7", "qualifiers": { "arch": "armhf", "distroversion": "v3.21", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64556?format=api", "vulnerability_id": "VCID-3194-1n1h-efd2", "summary": "An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43434", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43448", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43458", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24201" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.apple.com/en-us/122281", "reference_id": "122281", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122281" }, { "reference_url": "https://support.apple.com/en-us/122283", "reference_id": "122283", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122283" }, { "reference_url": "https://support.apple.com/en-us/122284", "reference_id": "122284", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122284" }, { "reference_url": "https://support.apple.com/en-us/122285", "reference_id": "122285", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122285" }, { "reference_url": "https://support.apple.com/en-us/122345", "reference_id": "122345", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122345" }, { "reference_url": "https://support.apple.com/en-us/122346", "reference_id": "122346", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122346" }, { "reference_url": "https://support.apple.com/en-us/122372", "reference_id": "122372", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122372" }, { "reference_url": "https://support.apple.com/en-us/122376", "reference_id": "122376", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-11-12T14:31:38Z/" } ], "url": "https://support.apple.com/en-us/122376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351802", "reference_id": "2351802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351802" }, { "reference_url": "https://security.gentoo.org/glsa/202511-02", "reference_id": "GLSA-202511-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10364", "reference_id": "RHSA-2025:10364", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10364" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2863", "reference_id": "RHSA-2025:2863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2864", "reference_id": "RHSA-2025:2864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2997", "reference_id": "RHSA-2025:2997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2998", "reference_id": "RHSA-2025:2998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3000", "reference_id": "RHSA-2025:3000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3001", "reference_id": "RHSA-2025:3001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3002", "reference_id": "RHSA-2025:3002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3005", "reference_id": "RHSA-2025:3005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3034", "reference_id": "RHSA-2025:3034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3034" }, { "reference_url": "https://usn.ubuntu.com/7395-1/", "reference_id": "USN-7395-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7395-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-24201" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3194-1n1h-efd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78038?format=api", "vulnerability_id": "VCID-518x-ten9-sfe3", "summary": "xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55549.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55549.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27946", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27894", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55549" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100565", "reference_id": "1100565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100565" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352484", "reference_id": "2352484", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3613", "reference_id": "RHSA-2025:3613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3614", "reference_id": "RHSA-2025:3614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3615", "reference_id": "RHSA-2025:3615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3619", "reference_id": "RHSA-2025:3619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3624", "reference_id": "RHSA-2025:3624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3625", "reference_id": "RHSA-2025:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3626", "reference_id": "RHSA-2025:3626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3627", "reference_id": "RHSA-2025:3627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4025", "reference_id": "RHSA-2025:4025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4098", "reference_id": "RHSA-2025:4098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4427", "reference_id": "RHSA-2025:4427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4431", "reference_id": "RHSA-2025:4431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4731", "reference_id": "RHSA-2025:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7410", "reference_id": "RHSA-2025:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7496", "reference_id": "RHSA-2025:7496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8303", "reference_id": "RHSA-2025:8303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8303" }, { "reference_url": "https://usn.ubuntu.com/7357-1/", "reference_id": "USN-7357-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7357-1/" }, { "reference_url": "https://usn.ubuntu.com/7787-1/", "reference_id": "USN-7787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-55549" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-518x-ten9-sfe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64558?format=api", "vulnerability_id": "VCID-52g3-s35s-1kfd", "summary": "Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2783.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.4686", "scoring_system": "epss", "scoring_elements": "0.97733", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.4686", "scoring_system": "epss", "scoring_elements": "0.97734", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2783" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355557", "reference_id": "2355557", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355557" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/webapps/52403.txt", "reference_id": "CVE-2025-2783", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/webapps/52403.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-2783" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52g3-s35s-1kfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64548?format=api", "vulnerability_id": "VCID-bf49-1ck1-5yb5", "summary": "Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71629", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71647", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71653", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1919" }, { "reference_url": "https://issues.chromium.org/issues/392375312", "reference_id": "392375312", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:13Z/" } ], "url": "https://issues.chromium.org/issues/392375312" }, { "reference_url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T04:55:13Z/" } ], "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-1919" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bf49-1ck1-5yb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78039?format=api", "vulnerability_id": "VCID-bt7a-eucw-gkbq", "summary": "numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24855.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25066", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25131", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25119", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24855" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100566", "reference_id": "1100566", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100566" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352483", "reference_id": "2352483", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3107", "reference_id": "RHSA-2025:3107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3389", "reference_id": "RHSA-2025:3389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3528", "reference_id": "RHSA-2025:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3615", "reference_id": "RHSA-2025:3615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3619", "reference_id": "RHSA-2025:3619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3624", "reference_id": "RHSA-2025:3624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3625", "reference_id": "RHSA-2025:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3626", "reference_id": "RHSA-2025:3626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3627", "reference_id": "RHSA-2025:3627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4098", "reference_id": "RHSA-2025:4098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4427", "reference_id": "RHSA-2025:4427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4431", "reference_id": "RHSA-2025:4431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4731", "reference_id": "RHSA-2025:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7496", "reference_id": "RHSA-2025:7496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8303", "reference_id": "RHSA-2025:8303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8303" }, { "reference_url": "https://usn.ubuntu.com/7361-1/", "reference_id": "USN-7361-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7361-1/" }, { "reference_url": "https://usn.ubuntu.com/7787-1/", "reference_id": "USN-7787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-24855" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bt7a-eucw-gkbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64554?format=api", "vulnerability_id": "VCID-g7zz-3cqc-r7fz", "summary": "Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57775", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57777", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57785", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2136" }, { "reference_url": "https://issues.chromium.org/issues/395032416", "reference_id": "395032416", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T04:00:34Z/" } ], "url": "https://issues.chromium.org/issues/395032416" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html", "reference_id": "stable-channel-update-for-desktop_10.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T04:00:34Z/" } ], "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-2136" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7zz-3cqc-r7fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64296?format=api", "vulnerability_id": "VCID-gvma-xgh1-vyfq", "summary": "Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59345", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.5935", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59353", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0762" }, { "reference_url": "https://issues.chromium.org/issues/384844003", "reference_id": "384844003", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-29T14:20:02Z/" } ], "url": "https://issues.chromium.org/issues/384844003" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html", "reference_id": "stable-channel-update-for-desktop_28.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-29T14:20:02Z/" } ], "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-0762" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvma-xgh1-vyfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64303?format=api", "vulnerability_id": "VCID-gyfz-x4y6-q3ck", "summary": "Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.7559", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75598", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75601", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0999" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0999", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0999" }, { "reference_url": "https://issues.chromium.org/issues/394350433", "reference_id": "394350433", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:05:30Z/" } ], "url": "https://issues.chromium.org/issues/394350433" }, { "reference_url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html", "reference_id": "stable-channel-update-for-desktop_18.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:05:30Z/" } ], "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-0999" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyfz-x4y6-q3ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64568?format=api", "vulnerability_id": "VCID-k32f-bxt1-eqc8", "summary": "Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3619", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.3165", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31721", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31688", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3619" }, { "reference_url": "https://issues.chromium.org/issues/409619251", "reference_id": "409619251", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-17T13:38:46Z/" } ], "url": "https://issues.chromium.org/issues/409619251" }, { "reference_url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-17T13:38:46Z/" } ], "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-3619" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k32f-bxt1-eqc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64274?format=api", "vulnerability_id": "VCID-k8s4-aje7-47gk", "summary": "Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66758", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66765", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66772", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0436" }, { "reference_url": "https://issues.chromium.org/issues/382786791", "reference_id": "382786791", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:49:46Z/" } ], "url": "https://issues.chromium.org/issues/382786791" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html", "reference_id": "stable-channel-update-for-desktop_14.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:49:46Z/" } ], "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-0436" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8s4-aje7-47gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63892?format=api", "vulnerability_id": "VCID-mt59-p1kw-8udw", "summary": "Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67188", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67196", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67203", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12694" }, { "reference_url": "https://issues.chromium.org/issues/368222741", "reference_id": "368222741", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-20T04:55:46Z/" } ], "url": "https://issues.chromium.org/issues/368222741" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html", "reference_id": "stable-channel-update-for-desktop_18.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-20T04:55:46Z/" } ], "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-12694" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt59-p1kw-8udw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64301?format=api", "vulnerability_id": "VCID-qtaa-hk3f-s3ff", "summary": "Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25416", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25477", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25463", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0996" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0996", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0996" }, { "reference_url": "https://issues.chromium.org/issues/391788835", "reference_id": "391788835", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:20Z/" } ], "url": "https://issues.chromium.org/issues/391788835" }, { "reference_url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html", "reference_id": "stable-channel-update-for-desktop_12.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:20Z/" } ], "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-0996" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtaa-hk3f-s3ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64538?format=api", "vulnerability_id": "VCID-u2mf-1wmy-eqhs", "summary": "Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60477", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60485", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60488", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1426" }, { "reference_url": "https://issues.chromium.org/issues/383465163", "reference_id": "383465163", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:08:33Z/" } ], "url": "https://issues.chromium.org/issues/383465163" }, { "reference_url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html", "reference_id": "stable-channel-update-for-desktop_18.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:08:33Z/" } ], "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/313955?format=api", "purl": "pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2025-1426" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2mf-1wmy-eqhs" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt5-qtwebengine@5.15.17-r7%3Farch=armhf&distroversion=v3.21&reponame=community" }