Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/323815?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/323815?format=api", "purl": "pkg:apk/alpine/firefox@70.0-r0?arch=x86_64&distroversion=v3.18&reponame=community", "type": "apk", "namespace": "alpine", "name": "firefox", "version": "70.0-r0", "qualifiers": { "arch": "x86_64", "distroversion": "v3.18", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "71.0.1-r0", "latest_non_vulnerable_version": "119.0-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1587?format=api", "vulnerability_id": "VCID-1jrk-9n37-qfcv", "summary": "When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00886", "scoring_system": "epss", "scoring_elements": "0.75849", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00886", "scoring_system": "epss", "scoring_elements": "0.75822", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764438", "reference_id": "1764438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764438" }, { "reference_url": "https://security.archlinux.org/ASA-201910-15", "reference_id": "ASA-201910-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-15" }, { "reference_url": "https://security.archlinux.org/ASA-201910-16", "reference_id": "ASA-201910-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-16" }, { "reference_url": "https://security.archlinux.org/AVG-1054", "reference_id": "AVG-1054", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1054" }, { "reference_url": "https://security.archlinux.org/AVG-1055", "reference_id": "AVG-1055", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1055" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33", "reference_id": "mfsa2019-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34", "reference_id": "mfsa2019-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35", "reference_id": "mfsa2019-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3193", "reference_id": "RHSA-2019:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3196", "reference_id": "RHSA-2019:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3210", "reference_id": "RHSA-2019:3210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3237", "reference_id": "RHSA-2019:3237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3281", "reference_id": "RHSA-2019:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3756", "reference_id": "RHSA-2019:3756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3756" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/323815?format=api", "purl": "pkg:apk/alpine/firefox@70.0-r0?arch=x86_64&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-11757" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jrk-9n37-qfcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1591?format=api", "vulnerability_id": "VCID-b5fq-qdud-dfb9", "summary": "By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.62002", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61952", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764442", "reference_id": "1764442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764442" }, { "reference_url": "https://security.archlinux.org/ASA-201910-15", "reference_id": "ASA-201910-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-15" }, { "reference_url": "https://security.archlinux.org/ASA-201910-16", "reference_id": "ASA-201910-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-16" }, { "reference_url": "https://security.archlinux.org/AVG-1054", "reference_id": "AVG-1054", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1054" }, { "reference_url": "https://security.archlinux.org/AVG-1055", "reference_id": "AVG-1055", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1055" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33", "reference_id": "mfsa2019-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34", "reference_id": "mfsa2019-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35", "reference_id": "mfsa2019-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3193", "reference_id": "RHSA-2019:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3196", "reference_id": "RHSA-2019:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3210", "reference_id": "RHSA-2019:3210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3237", "reference_id": "RHSA-2019:3237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3281", "reference_id": "RHSA-2019:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3756", "reference_id": "RHSA-2019:3756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3756" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/323815?format=api", "purl": "pkg:apk/alpine/firefox@70.0-r0?arch=x86_64&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-11761" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5fq-qdud-dfb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1590?format=api", "vulnerability_id": "VCID-bymc-339x-hqd2", "summary": "A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11760.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01271", "scoring_system": "epss", "scoring_elements": "0.79867", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01271", "scoring_system": "epss", "scoring_elements": "0.79842", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764441", "reference_id": "1764441", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764441" }, { "reference_url": "https://security.archlinux.org/ASA-201910-15", "reference_id": "ASA-201910-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-15" }, { "reference_url": "https://security.archlinux.org/ASA-201910-16", "reference_id": "ASA-201910-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-16" }, { "reference_url": "https://security.archlinux.org/AVG-1054", "reference_id": "AVG-1054", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1054" }, { "reference_url": "https://security.archlinux.org/AVG-1055", "reference_id": "AVG-1055", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1055" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33", "reference_id": "mfsa2019-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34", "reference_id": "mfsa2019-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35", "reference_id": "mfsa2019-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3193", "reference_id": "RHSA-2019:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3196", "reference_id": "RHSA-2019:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3210", "reference_id": "RHSA-2019:3210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3237", "reference_id": "RHSA-2019:3237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3281", "reference_id": "RHSA-2019:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3756", "reference_id": "RHSA-2019:3756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3756" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/323815?format=api", "purl": "pkg:apk/alpine/firefox@70.0-r0?arch=x86_64&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-11760" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bymc-339x-hqd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1589?format=api", "vulnerability_id": "VCID-kx36-ey2t-bygw", "summary": "An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11759.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11759.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11759", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0213", "scoring_system": "epss", "scoring_elements": "0.84511", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0213", "scoring_system": "epss", "scoring_elements": "0.84487", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764440", "reference_id": "1764440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764440" }, { "reference_url": "https://security.archlinux.org/ASA-201910-15", "reference_id": "ASA-201910-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-15" }, { "reference_url": "https://security.archlinux.org/ASA-201910-16", "reference_id": "ASA-201910-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-16" }, { "reference_url": "https://security.archlinux.org/AVG-1054", "reference_id": "AVG-1054", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1054" }, { "reference_url": "https://security.archlinux.org/AVG-1055", "reference_id": "AVG-1055", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1055" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33", "reference_id": "mfsa2019-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34", "reference_id": "mfsa2019-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35", "reference_id": "mfsa2019-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3193", "reference_id": "RHSA-2019:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3196", "reference_id": "RHSA-2019:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3210", "reference_id": "RHSA-2019:3210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3237", "reference_id": "RHSA-2019:3237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3281", "reference_id": "RHSA-2019:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3756", "reference_id": "RHSA-2019:3756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3756" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/323815?format=api", "purl": "pkg:apk/alpine/firefox@70.0-r0?arch=x86_64&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-11759" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kx36-ey2t-bygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1593?format=api", "vulnerability_id": "VCID-nnt4-kek2-w7dd", "summary": "Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74503", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74471", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764444", "reference_id": "1764444", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764444" }, { "reference_url": "https://security.archlinux.org/ASA-201910-15", "reference_id": "ASA-201910-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-15" }, { "reference_url": "https://security.archlinux.org/ASA-201910-16", "reference_id": "ASA-201910-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-16" }, { "reference_url": "https://security.archlinux.org/AVG-1054", "reference_id": "AVG-1054", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1054" }, { "reference_url": "https://security.archlinux.org/AVG-1055", "reference_id": "AVG-1055", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1055" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33", "reference_id": "mfsa2019-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34", "reference_id": "mfsa2019-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35", "reference_id": "mfsa2019-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3193", "reference_id": "RHSA-2019:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3196", "reference_id": "RHSA-2019:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3210", "reference_id": "RHSA-2019:3210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3237", "reference_id": "RHSA-2019:3237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3281", "reference_id": "RHSA-2019:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3756", "reference_id": "RHSA-2019:3756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3756" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/323815?format=api", "purl": "pkg:apk/alpine/firefox@70.0-r0?arch=x86_64&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-11763" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnt4-kek2-w7dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1666?format=api", "vulnerability_id": "VCID-ukhg-vp41-z3dr", "summary": "An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.3711", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17000" }, { "reference_url": "https://security.archlinux.org/ASA-201910-16", "reference_id": "ASA-201910-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-16" }, { "reference_url": "https://security.archlinux.org/AVG-1055", "reference_id": "AVG-1055", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1055" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34", "reference_id": "mfsa2019-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/323815?format=api", "purl": "pkg:apk/alpine/firefox@70.0-r0?arch=x86_64&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-17000" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukhg-vp41-z3dr" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community" }