Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/34945?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "type": "deb", "namespace": "debian", "name": "claws-mail", "version": "4.1.1-2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.3.1-1", "latest_non_vulnerable_version": "4.4.0-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180331?format=api", "vulnerability_id": "VCID-7y49-nb7y-hqek", "summary": "Multiple vulnerabilities have been found in claws-mail,\n particularly in the default SSL implementation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01292", "scoring_system": "epss", "scoring_elements": "0.8009", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01292", "scoring_system": "epss", "scoring_elements": "0.80152", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01292", "scoring_system": "epss", "scoring_elements": "0.80167", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01292", "scoring_system": "epss", "scoring_elements": "0.80159", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8708" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811048", "reference_id": "811048", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811048" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34964?format=api", "purl": "pkg:deb/debian/claws-mail@3.13.1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.13.1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34949?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dard-gp3k-dfb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34951?format=api", "purl": "pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34950?format=api", "purl": "pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8708" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7y49-nb7y-hqek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197608?format=api", "vulnerability_id": "VCID-dard-gp3k-dfb5", "summary": "insufficient validation", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65697", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65942", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65956", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65952", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37746" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991722", "reference_id": "991722", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991722" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991723", "reference_id": "991723", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991723" }, { "reference_url": "https://security.archlinux.org/AVG-2243", "reference_id": "AVG-2243", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2243" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34973?format=api", "purl": "pkg:deb/debian/claws-mail@3.18.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.18.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34951?format=api", "purl": "pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34950?format=api", "purl": "pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37746" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dard-gp3k-dfb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/185879?format=api", "vulnerability_id": "VCID-euyg-n1p4-7bhv", "summary": "A vulnerability was discovered in Claws Mail's STARTTLS handling,\n possibly allowing an integrity/confidentiality compromise.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02222", "scoring_system": "epss", "scoring_elements": "0.84862", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02222", "scoring_system": "epss", "scoring_elements": "0.84914", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02222", "scoring_system": "epss", "scoring_elements": "0.84923", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02222", "scoring_system": "epss", "scoring_elements": "0.84915", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15917" }, { "reference_url": "https://security.gentoo.org/glsa/202007-56", "reference_id": "GLSA-202007-56", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34967?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34949?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dard-gp3k-dfb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34951?format=api", "purl": "pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34950?format=api", "purl": "pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15917" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-euyg-n1p4-7bhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/119863?format=api", "vulnerability_id": "VCID-f7n7-7td7-4bep", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01873", "scoring_system": "epss", "scoring_elements": "0.83524", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01873", "scoring_system": "epss", "scoring_elements": "0.83583", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01873", "scoring_system": "epss", "scoring_elements": "0.83593", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01873", "scoring_system": "epss", "scoring_elements": "0.83591", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34961?format=api", "purl": "pkg:deb/debian/claws-mail@3.13.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.13.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34949?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dard-gp3k-dfb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34951?format=api", "purl": "pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34950?format=api", "purl": "pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8614" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7n7-7td7-4bep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201881?format=api", "vulnerability_id": "VCID-hwu3-aauz-mfhw", "summary": "Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-5109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0124", "scoring_system": "epss", "scoring_elements": "0.7966", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0124", "scoring_system": "epss", "scoring_elements": "0.79725", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0124", "scoring_system": "epss", "scoring_elements": "0.79741", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0124", "scoring_system": "epss", "scoring_elements": "0.79735", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-5109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5109" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705468", "reference_id": "705468", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705468" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771360", "reference_id": "771360", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771360" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34955?format=api", "purl": "pkg:deb/debian/claws-mail@3.11.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.11.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34949?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dard-gp3k-dfb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34951?format=api", "purl": "pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34950?format=api", "purl": "pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-5109" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwu3-aauz-mfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203338?format=api", "vulnerability_id": "VCID-jgua-uyc4-9ka9", "summary": "plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7179", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71875", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71889", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71886", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2576" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742695", "reference_id": "742695", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742695" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34960?format=api", "purl": "pkg:deb/debian/claws-mail@3.10.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.10.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34949?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dard-gp3k-dfb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34951?format=api", "purl": "pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34950?format=api", "purl": "pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-2576" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgua-uyc4-9ka9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/185123?format=api", "vulnerability_id": "VCID-nnad-adwn-eqaw", "summary": "Multiple vulnerabilities have been reported in Mozilla Firefox,\n Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted\n arbitrary remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1558.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1558.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1342", "scoring_system": "epss", "scoring_elements": "0.94356", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.1342", "scoring_system": "epss", "scoring_elements": "0.94375", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.1342", "scoring_system": "epss", "scoring_elements": "0.94379", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.1342", "scoring_system": "epss", "scoring_elements": "0.94381", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=241191", "reference_id": "241191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=241191" }, { "reference_url": "https://security.gentoo.org/glsa/200706-06", "reference_id": "GLSA-200706-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200706-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2007-15", "reference_id": "mfsa2007-15", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2007-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0344", "reference_id": "RHSA-2007:0344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0353", "reference_id": "RHSA-2007:0353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0385", "reference_id": "RHSA-2007:0385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0386", "reference_id": "RHSA-2007:0386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0401", "reference_id": "RHSA-2007:0401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0402", "reference_id": "RHSA-2007:0402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1140", "reference_id": "RHSA-2009:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1140" }, { "reference_url": "https://usn.ubuntu.com/469-1/", "reference_id": "USN-469-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/469-1/" }, { "reference_url": "https://usn.ubuntu.com/520-1/", "reference_id": "USN-520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/520-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34946?format=api", "purl": "pkg:deb/debian/claws-mail@2.9.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@2.9.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34949?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dard-gp3k-dfb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34951?format=api", "purl": "pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34950?format=api", "purl": "pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-1558" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnad-adwn-eqaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207779?format=api", "vulnerability_id": "VCID-raf7-67nx-3fe4", "summary": "In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65604", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65702", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65713", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65709", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16094" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966630", "reference_id": "966630", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966630" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34970?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34949?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dard-gp3k-dfb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34951?format=api", "purl": "pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34950?format=api", "purl": "pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-16094" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-raf7-67nx-3fe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/182122?format=api", "vulnerability_id": "VCID-ymdf-f6ee-37ex", "summary": "Claws Mail uses temporary files in an insecure manner, allowing for a\n symlink attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22583", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22778", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22791", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22771", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6208", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6208" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454089", "reference_id": "454089", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454089" }, { "reference_url": "https://security.gentoo.org/glsa/200801-03", "reference_id": "GLSA-200801-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200801-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34953?format=api", "purl": "pkg:deb/debian/claws-mail@3.1.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.1.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34949?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dard-gp3k-dfb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34951?format=api", "purl": "pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34950?format=api", "purl": "pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-6208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymdf-f6ee-37ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202450?format=api", "vulnerability_id": "VCID-z3wd-apsy-7udq", "summary": "The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4507", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.79645", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.79711", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.79727", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.79721", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4507" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4507", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4507" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690151", "reference_id": "690151", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690151" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34958?format=api", "purl": "pkg:deb/debian/claws-mail@3.8.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.8.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34949?format=api", "purl": "pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dard-gp3k-dfb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34945?format=api", "purl": "pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34951?format=api", "purl": "pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/34950?format=api", "purl": "pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4507" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z3wd-apsy-7udq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie" }