Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/337394?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "type": "apk", "namespace": "alpine", "name": "phpmyadmin", "version": "4.6.5.2-r0", "qualifiers": { "arch": "armhf", "distroversion": "v3.4", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98185?format=api", "vulnerability_id": "VCID-ajeh-4q9t-sydz", "summary": "An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68788", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68828", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68835", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9850" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9850" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajeh-4q9t-sydz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44158?format=api", "vulnerability_id": "VCID-cbjd-e3sk-m7bu", "summary": "Cross-Site Request Forgery (CSRF)\nAn issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.4472", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44797", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44791", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9866" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9866", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9866" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-71", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-71" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9866", "reference_id": "CVE-2016-9866", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9866" }, { "reference_url": "https://github.com/advisories/GHSA-jvxx-8xxf-5495", "reference_id": "GHSA-jvxx-8xxf-5495", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jvxx-8xxf-5495" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9866", "GHSA-jvxx-8xxf-5495" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbjd-e3sk-m7bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98184?format=api", "vulnerability_id": "VCID-dj5f-y77j-d7dx", "summary": "An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44277", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53113", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53121", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9849" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9849" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9849" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dj5f-y77j-d7dx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98183?format=api", "vulnerability_id": "VCID-jabw-t2hb-q3e9", "summary": "An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.567", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56752", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56759", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9848" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9848" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9848" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jabw-t2hb-q3e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98192?format=api", "vulnerability_id": "VCID-m59w-cug5-wbe2", "summary": "An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9862", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61341", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61389", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61397", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9862" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9862" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m59w-cug5-wbe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38278?format=api", "vulnerability_id": "VCID-n66y-s36g-fqck", "summary": "Improper Input Validation\nAn issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9860", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72539", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72586", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72579", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9860" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9860" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-65", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-65" }, { "reference_url": "http://www.securityfocus.com/bid/94525", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94525" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9860", "reference_id": "CVE-2016-9860", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9860" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9860", "GHSA-3hw5-fffc-qrg4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n66y-s36g-fqck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98195?format=api", "vulnerability_id": "VCID-q2wv-kbra-5kg8", "summary": "An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01202", "scoring_system": "epss", "scoring_elements": "0.79258", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01202", "scoring_system": "epss", "scoring_elements": "0.79284", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01202", "scoring_system": "epss", "scoring_elements": "0.7929", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9865" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9865" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2wv-kbra-5kg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38273?format=api", "vulnerability_id": "VCID-q7pe-bvr1-g3bc", "summary": "Cryptographic Issues\nAn issue was discovered in phpMyAdmin. When the user does not specify a `blowfish_secret` key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's `blowfish_secret` and potentially decrypt their cookies.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9847", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62854", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62906", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62896", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9847" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://web.archive.org/web/20210123194700/http://www.securityfocus.com/bid/94524", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123194700/http://www.securityfocus.com/bid/94524" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-58", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-58" }, { "reference_url": "http://www.securityfocus.com/bid/94524", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94524" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9847", "reference_id": "CVE-2016-9847", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9847" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9847", "GHSA-9xhq-pm7v-693p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q7pe-bvr1-g3bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98188?format=api", "vulnerability_id": "VCID-q7zq-5xpn-93dd", "summary": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.6637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66419", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9854" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9854" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q7zq-5xpn-93dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98193?format=api", "vulnerability_id": "VCID-qeac-129m-1udw", "summary": "An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.7106", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71109", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9863" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9863", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9863" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9863", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9863" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://web.archive.org/web/20210123194704/http://www.securityfocus.com/bid/94526", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123194704/http://www.securityfocus.com/bid/94526" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-68", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-68" }, { "reference_url": "https://github.com/advisories/GHSA-qgrq-64g6-mmh6", "reference_id": "GHSA-qgrq-64g6-mmh6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qgrq-64g6-mmh6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9863", "GHSA-qgrq-64g6-mmh6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qeac-129m-1udw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38275?format=api", "vulnerability_id": "VCID-rc63-nakx-ebbe", "summary": "Cross-site Scripting\nAn issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49373", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49445", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49434", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9857" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-64", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-64" }, { "reference_url": "http://www.securityfocus.com/bid/94530", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94530" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9857", "reference_id": "CVE-2016-9857", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9857" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9857", "GHSA-hmmx-wxh4-9w8w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc63-nakx-ebbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98191?format=api", "vulnerability_id": "VCID-rsrk-jwbt-qfhe", "summary": "An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68419", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.6846", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68468", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9859" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9859" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9859" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rsrk-jwbt-qfhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38284?format=api", "vulnerability_id": "VCID-segg-gk79-9bc6", "summary": "Improper Input Validation\nAn issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47591", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47589", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47525", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9851" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-62", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-62" }, { "reference_url": "http://www.securityfocus.com/bid/94534", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94534" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9851", "reference_id": "CVE-2016-9851", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9851" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9851", "GHSA-r2vw-p77f-vc27" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-segg-gk79-9bc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98186?format=api", "vulnerability_id": "VCID-v1kx-5wa1-r7he", "summary": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.6637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66419", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9852" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9852" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1kx-5wa1-r7he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98194?format=api", "vulnerability_id": "VCID-vpf2-5j4s-jqeb", "summary": "An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48175", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48177", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.62193", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9864" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/337394?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=armhf&distroversion=v3.4&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" } ], "aliases": [ "CVE-2016-9864" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpf2-5j4s-jqeb" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=armhf&distroversion=v3.4&reponame=main" }