VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/338786?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
    "type": "apk",
    "namespace": "alpine",
    "name": "qemu",
    "version": "2.8.1-r1",
    "qualifiers": {
        "arch": "x86",
        "distroversion": "v3.11",
        "reponame": "community"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": null,
    "latest_non_vulnerable_version": null,
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99310?format=api",
            "vulnerability_id": "VCID-2fr3-kytt-h7ff",
            "summary": "Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5579.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5579.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5579",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0007",
                            "scoring_system": "epss",
                            "scoring_elements": "0.21548",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5579"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:A/AC:M/Au:S/C:N/I:N/A:P"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416157",
                    "reference_id": "1416157",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416157"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853002",
                    "reference_id": "853002",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853002"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201702-28",
                    "reference_id": "GLSA-201702-28",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201702-28"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:2392",
                    "reference_id": "RHSA-2017:2392",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:2392"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:2408",
                    "reference_id": "RHSA-2017:2408",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:2408"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2017-5579"
            ],
            "risk_score": 1.9,
            "exploitability": "0.5",
            "weighted_severity": "3.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fr3-kytt-h7ff"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99249?format=api",
            "vulnerability_id": "VCID-4rmk-qt1h-5yhc",
            "summary": "The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8909.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.0",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8909.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8909",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00099",
                            "scoring_system": "epss",
                            "scoring_elements": "0.26986",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8909"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:H/Au:S/C:N/I:N/A:P"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388052",
                    "reference_id": "1388052",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388052"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841950",
                    "reference_id": "841950",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841950"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201611-11",
                    "reference_id": "GLSA-201611-11",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201611-11"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:2392",
                    "reference_id": "RHSA-2017:2392",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:2392"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:2408",
                    "reference_id": "RHSA-2017:2408",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:2408"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2016-8909"
            ],
            "risk_score": 1.4,
            "exploitability": "0.5",
            "weighted_severity": "2.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4rmk-qt1h-5yhc"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99243?format=api",
            "vulnerability_id": "VCID-76s6-cxcr-ckft",
            "summary": "Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8577.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.0",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8577.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8577",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29077",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8577"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.4",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:L/AC:M/Au:S/C:N/I:N/A:C"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383285",
                    "reference_id": "1383285",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383285"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840341",
                    "reference_id": "840341",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840341"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201611-11",
                    "reference_id": "GLSA-201611-11",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201611-11"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2016-8577"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76s6-cxcr-ckft"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99317?format=api",
            "vulnerability_id": "VCID-95d6-n1v7-y7cd",
            "summary": "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5898.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5898.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5898",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00059",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1874",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5898"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.8",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:A/AC:M/Au:S/C:N/I:P/A:P"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699",
                    "reference_id": "1419699",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854729",
                    "reference_id": "854729",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854729"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201702-28",
                    "reference_id": "GLSA-201702-28",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201702-28"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:1856",
                    "reference_id": "RHSA-2017:1856",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:1856"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:2392",
                    "reference_id": "RHSA-2017:2392",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:2392"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2017-5898"
            ],
            "risk_score": 1.8,
            "exploitability": "0.5",
            "weighted_severity": "3.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95d6-n1v7-y7cd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99301?format=api",
            "vulnerability_id": "VCID-bk24-wqs5-5fcv",
            "summary": "Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2615.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2615.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2615",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0101",
                            "scoring_system": "epss",
                            "scoring_elements": "0.77447",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2615"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:A/AC:M/Au:S/C:P/I:P/A:P"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418200",
                    "reference_id": "1418200",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418200"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854731",
                    "reference_id": "854731",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854731"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201702-27",
                    "reference_id": "GLSA-201702-27",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201702-27"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201702-28",
                    "reference_id": "GLSA-201702-28",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201702-28"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0309",
                    "reference_id": "RHSA-2017:0309",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0309"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0328",
                    "reference_id": "RHSA-2017:0328",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0328"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0329",
                    "reference_id": "RHSA-2017:0329",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0329"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0330",
                    "reference_id": "RHSA-2017:0330",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0330"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0331",
                    "reference_id": "RHSA-2017:0331",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0331"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0332",
                    "reference_id": "RHSA-2017:0332",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0332"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0333",
                    "reference_id": "RHSA-2017:0333",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0333"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0334",
                    "reference_id": "RHSA-2017:0334",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0334"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0344",
                    "reference_id": "RHSA-2017:0344",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0344"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0350",
                    "reference_id": "RHSA-2017:0350",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0350"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0396",
                    "reference_id": "RHSA-2017:0396",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0396"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0454",
                    "reference_id": "RHSA-2017:0454",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0454"
                },
                {
                    "reference_url": "https://xenbits.xen.org/xsa/advisory-208.html",
                    "reference_id": "XSA-208",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://xenbits.xen.org/xsa/advisory-208.html"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2017-2615",
                "XSA-208"
            ],
            "risk_score": 2.5,
            "exploitability": "0.5",
            "weighted_severity": "5.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bk24-wqs5-5fcv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99256?format=api",
            "vulnerability_id": "VCID-dne4-8bum-yfdj",
            "summary": "Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9106.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.0",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9106.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9106",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29077",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9106"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "1.5",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:L/AC:M/Au:S/C:N/I:N/A:P"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389712",
                    "reference_id": "1389712",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389712"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842463",
                    "reference_id": "842463",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842463"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2016-9106"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dne4-8bum-yfdj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99318?format=api",
            "vulnerability_id": "VCID-ph34-yup5-z7a4",
            "summary": "Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5931.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5931.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5931",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00072",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22003",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5931"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092",
                    "reference_id": "1420092",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854730",
                    "reference_id": "854730",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854730"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201702-28",
                    "reference_id": "GLSA-201702-28",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201702-28"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2017-5931"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ph34-yup5-z7a4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99312?format=api",
            "vulnerability_id": "VCID-pu4q-r2h5-cuaa",
            "summary": "The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5667.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5667.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5667",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00223",
                            "scoring_system": "epss",
                            "scoring_elements": "0.44969",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5667"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:A/AC:M/Au:S/C:P/I:P/A:P"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417559",
                    "reference_id": "1417559",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417559"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853996",
                    "reference_id": "853996",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853996"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201702-28",
                    "reference_id": "GLSA-201702-28",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201702-28"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2017-5667"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pu4q-r2h5-cuaa"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99314?format=api",
            "vulnerability_id": "VCID-q7dy-tk74-3kby",
            "summary": "Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5856.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.0",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5856.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5856",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34151",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5856"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:A/AC:M/Au:S/C:N/I:N/A:P"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418342",
                    "reference_id": "1418342",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418342"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853996",
                    "reference_id": "853996",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853996"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201702-28",
                    "reference_id": "GLSA-201702-28",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201702-28"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2017-5856"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q7dy-tk74-3kby"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99254?format=api",
            "vulnerability_id": "VCID-qegh-vk15-zbbu",
            "summary": "Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9104.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9104.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9104",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29077",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9104"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:L/AC:M/Au:S/C:N/I:P/A:P"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389686",
                    "reference_id": "1389686",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389686"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842463",
                    "reference_id": "842463",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842463"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201611-11",
                    "reference_id": "GLSA-201611-11",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201611-11"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2016-9104"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qegh-vk15-zbbu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99242?format=api",
            "vulnerability_id": "VCID-rgss-djue-bybk",
            "summary": "The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8576.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.0",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8576.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8576",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00098",
                            "scoring_system": "epss",
                            "scoring_elements": "0.26884",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8576"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.4",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:L/AC:M/Au:S/C:N/I:N/A:C"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333425",
                    "reference_id": "1333425",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333425"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840343",
                    "reference_id": "840343",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840343"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201611-11",
                    "reference_id": "GLSA-201611-11",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201611-11"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:2392",
                    "reference_id": "RHSA-2017:2392",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:2392"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:2408",
                    "reference_id": "RHSA-2017:2408",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:2408"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2016-8576"
            ],
            "risk_score": 1.4,
            "exploitability": "0.5",
            "weighted_severity": "2.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgss-djue-bybk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99251?format=api",
            "vulnerability_id": "VCID-rnxj-1yr3-dqb4",
            "summary": "Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9101.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.0",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9101.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9101",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29077",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9101"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "1.5",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:L/AC:M/Au:S/C:N/I:N/A:P"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389538",
                    "reference_id": "1389538",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389538"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842455",
                    "reference_id": "842455",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842455"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201701-49",
                    "reference_id": "GLSA-201701-49",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201701-49"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2016-9101"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rnxj-1yr3-dqb4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99244?format=api",
            "vulnerability_id": "VCID-tngp-7kbr-2fdk",
            "summary": "The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8578.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.0",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8578.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8578",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00075",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22625",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8578"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.4",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:L/AC:M/Au:S/C:N/I:N/A:C"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383291",
                    "reference_id": "1383291",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383291"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840340",
                    "reference_id": "840340",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840340"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201611-11",
                    "reference_id": "GLSA-201611-11",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201611-11"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2016-8578"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tngp-7kbr-2fdk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99302?format=api",
            "vulnerability_id": "VCID-ur84-4qah-6ued",
            "summary": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2620.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2620.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2620",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0241",
                            "scoring_system": "epss",
                            "scoring_elements": "0.85375",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2620"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:A/AC:M/Au:S/C:P/I:P/A:P"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420484",
                    "reference_id": "1420484",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420484"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855791",
                    "reference_id": "855791",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855791"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201703-07",
                    "reference_id": "GLSA-201703-07",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201703-07"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201704-01",
                    "reference_id": "GLSA-201704-01",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201704-01"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0328",
                    "reference_id": "RHSA-2017:0328",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0328"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0329",
                    "reference_id": "RHSA-2017:0329",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0329"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0330",
                    "reference_id": "RHSA-2017:0330",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0330"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0331",
                    "reference_id": "RHSA-2017:0331",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0331"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0332",
                    "reference_id": "RHSA-2017:0332",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0332"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0333",
                    "reference_id": "RHSA-2017:0333",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0333"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0334",
                    "reference_id": "RHSA-2017:0334",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0334"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0350",
                    "reference_id": "RHSA-2017:0350",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0350"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0351",
                    "reference_id": "RHSA-2017:0351",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0351"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0352",
                    "reference_id": "RHSA-2017:0352",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0352"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0396",
                    "reference_id": "RHSA-2017:0396",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0396"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2017:0454",
                    "reference_id": "RHSA-2017:0454",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2017:0454"
                },
                {
                    "reference_url": "https://xenbits.xen.org/xsa/advisory-209.html",
                    "reference_id": "XSA-209",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://xenbits.xen.org/xsa/advisory-209.html"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/338786?format=api",
                    "purl": "pkg:apk/alpine/qemu@2.8.1-r1?arch=x86&distroversion=v3.11&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2017-2620",
                "XSA-209"
            ],
            "risk_score": 2.5,
            "exploitability": "0.5",
            "weighted_severity": "5.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ur84-4qah-6ued"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@2.8.1-r1%3Farch=x86&distroversion=v3.11&reponame=community"
}

Package Instance