Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/314751?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "type": "apk", "namespace": "alpine", "name": "qt6-qtwebengine", "version": "6.7.2-r6", "qualifiers": { "arch": "x86", "distroversion": "v3.21", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63826?format=api", "vulnerability_id": "VCID-231c-8c2j-3fhb", "summary": "Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44514", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44527", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44536", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10231" }, { "reference_url": "https://issues.chromium.org/issues/372269618", "reference_id": "372269618", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-23T14:26:07Z/" } ], "url": "https://issues.chromium.org/issues/372269618" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html", "reference_id": "stable-channel-update-for-desktop_22.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-23T14:26:07Z/" } ], "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-10231" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-231c-8c2j-3fhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63828?format=api", "vulnerability_id": "VCID-54p4-3xkt-qbev", "summary": "Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10487", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53524", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53528", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53537", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10487" }, { "reference_url": "https://issues.chromium.org/issues/375123371", "reference_id": "375123371", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-31T03:55:21Z/" } ], "url": "https://issues.chromium.org/issues/375123371" }, { "reference_url": "https://security.gentoo.org/glsa/202507-07", "reference_id": "GLSA-202507-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-07" }, { "reference_url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html", "reference_id": "stable-channel-update-for-desktop_29.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-31T03:55:21Z/" } ], "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-10487" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-54p4-3xkt-qbev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64251?format=api", "vulnerability_id": "VCID-8bh1-72et-r3hf", "summary": "Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44358", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44373", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44382", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9123" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9123" }, { "reference_url": "https://issues.chromium.org/issues/365884464", "reference_id": "365884464", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T03:55:49Z/" } ], "url": "https://issues.chromium.org/issues/365884464" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html", "reference_id": "stable-channel-update-for-desktop_24.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T03:55:49Z/" } ], "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-9123" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bh1-72et-r3hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67077?format=api", "vulnerability_id": "VCID-8exy-mbq6-bqb9", "summary": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45492.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45492.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02269", "scoring_system": "epss", "scoring_elements": "0.84963", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02269", "scoring_system": "epss", "scoring_elements": "0.84965", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02269", "scoring_system": "epss", "scoring_elements": "0.8497", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45492" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080152", "reference_id": "1080152", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080152" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308617", "reference_id": "2308617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308617" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/889", "reference_id": "889", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:05Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/889" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/892", "reference_id": "892", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:05Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/892" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6754", "reference_id": "RHSA-2024:6754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6989", "reference_id": "RHSA-2024:6989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7599", "reference_id": "RHSA-2024:7599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9610", "reference_id": "RHSA-2024:9610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9610" }, { "reference_url": "https://usn.ubuntu.com/7000-1/", "reference_id": "USN-7000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-1/" }, { "reference_url": "https://usn.ubuntu.com/7000-2/", "reference_id": "USN-7000-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-45492" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8exy-mbq6-bqb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63825?format=api", "vulnerability_id": "VCID-9tkv-hhnc-2yes", "summary": "Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45298", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45313", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45317", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10230" }, { "reference_url": "https://issues.chromium.org/issues/371565065", "reference_id": "371565065", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-23T14:28:20Z/" } ], "url": "https://issues.chromium.org/issues/371565065" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html", "reference_id": "stable-channel-update-for-desktop_22.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-23T14:28:20Z/" } ], "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-10230" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tkv-hhnc-2yes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67076?format=api", "vulnerability_id": "VCID-ax2q-63fe-fqes", "summary": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01143", "scoring_system": "epss", "scoring_elements": "0.788", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01143", "scoring_system": "epss", "scoring_elements": "0.78801", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01143", "scoring_system": "epss", "scoring_elements": "0.78809", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080150", "reference_id": "1080150", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080150" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308616", "reference_id": "2308616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308616" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/888", "reference_id": "888", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:48Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/888" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/891", "reference_id": "891", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:48Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/891" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6754", "reference_id": "RHSA-2024:6754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6989", "reference_id": "RHSA-2024:6989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7599", "reference_id": "RHSA-2024:7599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8859", "reference_id": "RHSA-2024:8859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9610", "reference_id": "RHSA-2024:9610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9610" }, { "reference_url": "https://usn.ubuntu.com/7000-1/", "reference_id": "USN-7000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-1/" }, { "reference_url": "https://usn.ubuntu.com/7000-2/", "reference_id": "USN-7000-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-2/" }, { "reference_url": "https://usn.ubuntu.com/7001-1/", "reference_id": "USN-7001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7001-1/" }, { "reference_url": "https://usn.ubuntu.com/7001-2/", "reference_id": "USN-7001-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7001-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-45491" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax2q-63fe-fqes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64269?format=api", "vulnerability_id": "VCID-cfp1-xh5t-rbaa", "summary": "Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01745", "scoring_system": "epss", "scoring_elements": "0.82903", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01745", "scoring_system": "epss", "scoring_elements": "0.829", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9965" }, { "reference_url": "https://issues.chromium.org/issues/352651673", "reference_id": "352651673", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-25T18:32:02Z/" } ], "url": "https://issues.chromium.org/issues/352651673" }, { "reference_url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-25T18:32:02Z/" } ], "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-9965" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfp1-xh5t-rbaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64253?format=api", "vulnerability_id": "VCID-ezts-1p5y-4fdv", "summary": "Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9369", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34185", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34203", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34218", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9369" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9369", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9369" }, { "reference_url": "https://issues.chromium.org/issues/368208152", "reference_id": "368208152", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T18:42:50Z/" } ], "url": "https://issues.chromium.org/issues/368208152" }, { "reference_url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T18:42:50Z/" } ], "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-9369" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezts-1p5y-4fdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64255?format=api", "vulnerability_id": "VCID-f6mg-55sw-1yeg", "summary": "Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62285", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62289", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62296", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9602" }, { "reference_url": "https://issues.chromium.org/issues/368241697", "reference_id": "368241697", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T16:11:31Z/" } ], "url": "https://issues.chromium.org/issues/368241697" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html", "reference_id": "stable-channel-update-for-desktop_8.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T16:11:31Z/" } ], "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-9602" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f6mg-55sw-1yeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64270?format=api", "vulnerability_id": "VCID-f9x9-qb3a-7kgy", "summary": "Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24871", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24939", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24928", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9966" }, { "reference_url": "https://issues.chromium.org/issues/364773822", "reference_id": "364773822", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:41:38Z/" } ], "url": "https://issues.chromium.org/issues/364773822" }, { "reference_url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:41:38Z/" } ], "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-9966" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9x9-qb3a-7kgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64256?format=api", "vulnerability_id": "VCID-hffr-2xgd-nfdr", "summary": "Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9603", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29884", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29952", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29915", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9603" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9603", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9603" }, { "reference_url": "https://issues.chromium.org/issues/367818758", "reference_id": "367818758", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T16:03:30Z/" } ], "url": "https://issues.chromium.org/issues/367818758" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html", "reference_id": "stable-channel-update-for-desktop_8.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T16:03:30Z/" } ], "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-9603" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hffr-2xgd-nfdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67075?format=api", "vulnerability_id": "VCID-qtmr-pxkm-9fav", "summary": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45490.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45490.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70254", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70263", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70271", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45490" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080149", "reference_id": "1080149", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080149" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308615", "reference_id": "2308615", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308615" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/887", "reference_id": "887", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-30T18:17:03Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/887" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/890", "reference_id": "890", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-30T18:17:03Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/890" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6754", "reference_id": "RHSA-2024:6754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6989", "reference_id": "RHSA-2024:6989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7599", "reference_id": "RHSA-2024:7599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9610", "reference_id": "RHSA-2024:9610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3453", "reference_id": "RHSA-2025:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3453" }, { "reference_url": "https://usn.ubuntu.com/7000-1/", "reference_id": "USN-7000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-1/" }, { "reference_url": "https://usn.ubuntu.com/7000-2/", "reference_id": "USN-7000-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-2/" }, { "reference_url": "https://usn.ubuntu.com/7001-1/", "reference_id": "USN-7001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7001-1/" }, { "reference_url": "https://usn.ubuntu.com/7001-2/", "reference_id": "USN-7001-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7001-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-45490" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtmr-pxkm-9fav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63854?format=api", "vulnerability_id": "VCID-rs1v-u9ub-pyf9", "summary": "Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.75085", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.75088", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00839", "scoring_system": "epss", "scoring_elements": "0.75092", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10827" }, { "reference_url": "https://issues.chromium.org/issues/375065084", "reference_id": "375065084", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-06T17:04:09Z/" } ], "url": "https://issues.chromium.org/issues/375065084" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-06T17:04:09Z/" } ], "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-10827" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rs1v-u9ub-pyf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64250?format=api", "vulnerability_id": "VCID-w8fx-ep5t-tfcz", "summary": "Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15009", "scoring_system": "epss", "scoring_elements": "0.94704", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.15009", "scoring_system": "epss", "scoring_elements": "0.94702", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.15009", "scoring_system": "epss", "scoring_elements": "0.94703", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9122" }, { "reference_url": "https://issues.chromium.org/issues/365802567", "reference_id": "365802567", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-25T16:24:14Z/" } ], "url": "https://issues.chromium.org/issues/365802567" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html", "reference_id": "stable-channel-update-for-desktop_24.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-25T16:24:14Z/" } ], "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-9122" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8fx-ep5t-tfcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63824?format=api", "vulnerability_id": "VCID-xnvx-sc5k-xbbh", "summary": "Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17498", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17542", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17536", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10229" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10229", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10229" }, { "reference_url": "https://issues.chromium.org/issues/371011220", "reference_id": "371011220", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-23T14:37:18Z/" } ], "url": "https://issues.chromium.org/issues/371011220" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html", "reference_id": "stable-channel-update-for-desktop_22.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-23T14:37:18Z/" } ], "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-10229" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xnvx-sc5k-xbbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64248?format=api", "vulnerability_id": "VCID-yeqy-h2x6-bfa7", "summary": "Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45512", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45529", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45533", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9120" }, { "reference_url": "https://issues.chromium.org/issues/365254285", "reference_id": "365254285", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-25T16:25:39Z/" } ], "url": "https://issues.chromium.org/issues/365254285" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html", "reference_id": "stable-channel-update-for-desktop_24.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-25T16:25:39Z/" } ], "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/314751?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-9120" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yeqy-h2x6-bfa7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.7.2-r6%3Farch=x86&distroversion=v3.21&reponame=community" }