Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/38403?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/38403?format=api", "purl": "pkg:deb/debian/dulwich@0.10.1-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "dulwich", "version": "0.10.1-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.18.5-1", "latest_non_vulnerable_version": "1.2.7-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114238?format=api", "vulnerability_id": "VCID-533m-e2fp-j7az", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02814", "scoring_system": "epss", "scoring_elements": "0.86458", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02814", "scoring_system": "epss", "scoring_elements": "0.86509", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02814", "scoring_system": "epss", "scoring_elements": "0.86519", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0838" }, { "reference_url": "https://github.com/advisories/GHSA-vjjf-3rvg-gv3v", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vjjf-3rvg-gv3v" }, { "reference_url": "https://github.com/jelmer/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2015-35.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2015-35.yaml" }, { "reference_url": "https://lists.launchpad.net/dulwich-users/msg00829.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/dulwich-users/msg00829.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0838", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0838" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3206", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3206" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780958", "reference_id": "780958", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780958" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38403?format=api", "purl": "pkg:deb/debian/dulwich@0.10.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.10.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38405?format=api", "purl": "pkg:deb/debian/dulwich@0.20.15-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.20.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38402?format=api", "purl": "pkg:deb/debian/dulwich@0.21.2-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.21.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38409?format=api", "purl": "pkg:deb/debian/dulwich@0.22.7-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.22.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38407?format=api", "purl": "pkg:deb/debian/dulwich@1.2.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0838", "GHSA-vjjf-3rvg-gv3v", "PYSEC-2015-35" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-533m-e2fp-j7az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/176933?format=api", "vulnerability_id": "VCID-5nnu-33bm-qyaa", "summary": "An attacker could execute arbitrary commands via Git repositories\n in a case-insensitive or case-normalizing filesystem.", "references": [ { "reference_url": "http://article.gmane.org/gmane.linux.kernel/1853266", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://article.gmane.org/gmane.linux.kernel/1853266" }, { "reference_url": "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html" }, { "reference_url": "http://mercurial.selenic.com/wiki/WhatsNew", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://mercurial.selenic.com/wiki/WhatsNew" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9390.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77155", "scoring_system": "epss", "scoring_elements": "0.98992", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.77155", "scoring_system": "epss", "scoring_elements": "0.98996", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390" }, { "reference_url": "http://securitytracker.com/id?1031404", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1031404" }, { "reference_url": "https://github.com/advisories/GHSA-6vvc-c2m3-cjf3", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6vvc-c2m3-cjf3" }, { "reference_url": "https://github.com/blog/1938-git-client-vulnerability-announced", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/blog/1938-git-client-vulnerability-announced" }, { "reference_url": "https://github.com/blog/1938-vulnerability-announced-update-your-git-clients", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/blog/1938-vulnerability-announced-update-your-git-clients" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915" }, { "reference_url": "https://github.com/libgit2/libgit2/releases/tag/v0.21.3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/releases/tag/v0.21.3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2020-217.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2020-217.yaml" }, { "reference_url": "https://libgit2.org/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://libgit2.org/security" }, { "reference_url": "https://libgit2.org/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://libgit2.org/security/" }, { "reference_url": "https://news.ycombinator.com/item?id=8769667", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://news.ycombinator.com/item?id=8769667" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9390", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9390" }, { "reference_url": "https://projects.eclipse.org/projects/technology.jgit/releases/3.5.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://projects.eclipse.org/projects/technology.jgit/releases/3.5.3" }, { "reference_url": "http://support.apple.com/kb/HT204147", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT204147" }, { "reference_url": "https://web.archive.org/web/20211204220400/https://securitytracker.com/id?1031404", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211204220400/https://securitytracker.com/id?1031404" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175960", "reference_id": "1175960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175960" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773640", "reference_id": "773640", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773640" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774048", "reference_id": "774048", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774048" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774050", "reference_id": "774050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774050" }, { "reference_url": "https://security.gentoo.org/glsa/201509-06", "reference_id": "GLSA-201509-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201509-06" }, { "reference_url": "https://security.gentoo.org/glsa/201612-19", "reference_id": "GLSA-201612-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-19" }, { "reference_url": "https://usn.ubuntu.com/2470-1/", "reference_id": "USN-2470-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2470-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38403?format=api", "purl": "pkg:deb/debian/dulwich@0.10.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.10.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38405?format=api", "purl": "pkg:deb/debian/dulwich@0.20.15-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.20.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38402?format=api", "purl": "pkg:deb/debian/dulwich@0.21.2-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.21.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38409?format=api", "purl": "pkg:deb/debian/dulwich@0.22.7-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.22.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38407?format=api", "purl": "pkg:deb/debian/dulwich@1.2.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9390", "GHSA-6vvc-c2m3-cjf3", "PYSEC-2020-217" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5nnu-33bm-qyaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114236?format=api", "vulnerability_id": "VCID-ncwq-8v8w-qug7", "summary": "security update", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154523.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154523.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154551.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154551.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9706", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02765", "scoring_system": "epss", "scoring_elements": "0.86348", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02765", "scoring_system": "epss", "scoring_elements": "0.86399", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02765", "scoring_system": "epss", "scoring_elements": "0.86409", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0838" }, { "reference_url": "https://github.com/advisories/GHSA-4j5j-58j7-6c3w", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4j5j-58j7-6c3w" }, { "reference_url": "https://github.com/jelmer/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich" }, { "reference_url": "https://github.com/jelmer/dulwich/commit/091638be3c89f46f42c3b1d57dc1504af5729176", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich/commit/091638be3c89f46f42c3b1d57dc1504af5729176" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2015-34.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2015-34.yaml" }, { "reference_url": "https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176" }, { "reference_url": "https://lists.launchpad.net/dulwich-users/msg00827.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/dulwich-users/msg00827.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9706", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9706" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3206", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3206" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/21/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/03/21/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/22/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/03/22/26" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780989", "reference_id": "780989", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780989" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38403?format=api", "purl": "pkg:deb/debian/dulwich@0.10.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.10.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38405?format=api", "purl": "pkg:deb/debian/dulwich@0.20.15-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.20.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38402?format=api", "purl": "pkg:deb/debian/dulwich@0.21.2-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.21.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38409?format=api", "purl": "pkg:deb/debian/dulwich@0.22.7-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.22.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38407?format=api", "purl": "pkg:deb/debian/dulwich@1.2.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9706", "GHSA-4j5j-58j7-6c3w", "PYSEC-2015-34" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ncwq-8v8w-qug7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.10.1-1%3Fdistro=trixie" }