Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/388127?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "type": "apk", "namespace": "alpine", "name": "qemu", "version": "5.0.0-r0", "qualifiers": { "arch": "x86", "distroversion": "v3.18", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.1.0-r1", "latest_non_vulnerable_version": "8.0.2-r1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81665?format=api", "vulnerability_id": "VCID-5t1d-ve8h-9ba1", "summary": "QEMU: division by zero in oss_write() in audio/ossaudio.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14415.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14415.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15427", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15467", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15537", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15337", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15424", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15474", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15435", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15396", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15331", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1525", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14415" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848117", "reference_id": "1848117", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848117" }, { "reference_url": "https://usn.ubuntu.com/4467-1/", "reference_id": "USN-4467-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4467-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2020-14415" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5t1d-ve8h-9ba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80846?format=api", "vulnerability_id": "VCID-955d-q41q-4uau", "summary": "QEMU: net: an assert failure via eth_get_gso_type", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27617.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27617.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45648", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45715", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45735", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45684", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45758", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45728", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45736", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45786", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891668", "reference_id": "1891668", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891668" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973324", "reference_id": "973324", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3061", "reference_id": "RHSA-2021:3061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3061" }, { "reference_url": "https://usn.ubuntu.com/4650-1/", "reference_id": "USN-4650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4650-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2020-27617" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-955d-q41q-4uau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61637?format=api", "vulnerability_id": "VCID-dqbd-gqg9-2kgs", "summary": "Multiple vulnerabilities have been found in QEMU, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13754.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08657", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08685", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08733", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08656", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0872", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0861", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13659", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13659" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13765" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842363", "reference_id": "1842363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842363" }, { "reference_url": "https://security.gentoo.org/glsa/202011-09", "reference_id": "GLSA-202011-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2521", "reference_id": "RHSA-2021:2521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3061", "reference_id": "RHSA-2021:3061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3061" }, { "reference_url": "https://usn.ubuntu.com/4467-1/", "reference_id": "USN-4467-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4467-1/" }, { "reference_url": "https://usn.ubuntu.com/4467-2/", "reference_id": "USN-4467-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4467-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2020-13754" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dqbd-gqg9-2kgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80609?format=api", "vulnerability_id": "VCID-drqf-646q-xqf3", "summary": "qemu: out-of-bound heap buffer access via an interrupt ID field", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20221.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0619", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06225", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06251", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06231", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06275", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06317", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06309", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06305", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20221" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601", "reference_id": "1924601", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1125", "reference_id": "RHSA-2021:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2521", "reference_id": "RHSA-2021:2521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3061", "reference_id": "RHSA-2021:3061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3061" }, { "reference_url": "https://usn.ubuntu.com/5010-1/", "reference_id": "USN-5010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2021-20221" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drqf-646q-xqf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61639?format=api", "vulnerability_id": "VCID-ezm8-pq4d-mkhg", "summary": "Multiple vulnerabilities have been found in QEMU, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28466", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28561", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28604", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28407", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28474", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28515", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28517", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28442", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13800" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843771", "reference_id": "1843771", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843771" }, { "reference_url": "https://security.gentoo.org/glsa/202011-09", "reference_id": "GLSA-202011-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-09" }, { "reference_url": "https://usn.ubuntu.com/4467-1/", "reference_id": "USN-4467-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4467-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2020-13800" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezm8-pq4d-mkhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80849?format=api", "vulnerability_id": "VCID-hq1b-c1ew-kkga", "summary": "QEMU: ati-vga: potential crash via invalid x y parameter values", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27616.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63065", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63094", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63059", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63111", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63128", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63145", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.6313", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63108", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63143", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27616" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894036", "reference_id": "1894036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894036" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975265", "reference_id": "975265", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975265" }, { "reference_url": "https://usn.ubuntu.com/4650-1/", "reference_id": "USN-4650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4650-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2020-27616" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hq1b-c1ew-kkga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81154?format=api", "vulnerability_id": "VCID-mtj9-1cns-yybw", "summary": "QEMU: MMIO ops null pointer dereference may lead to DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15469.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12214", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1233", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12377", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12178", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12258", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12308", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12316", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1228", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12243", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12132", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15469" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853154", "reference_id": "1853154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853154" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970253", "reference_id": "970253", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970253" }, { "reference_url": "https://usn.ubuntu.com/5010-1/", "reference_id": "USN-5010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2020-15469" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtj9-1cns-yybw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61638?format=api", "vulnerability_id": "VCID-sy57-hngf-d3gn", "summary": "Multiple vulnerabilities have been found in QEMU, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13791.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13791.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13791", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.3855", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.3868", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38702", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38683", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38692", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38664", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38638", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38686", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13791" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843764", "reference_id": "1843764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843764" }, { "reference_url": "https://security.gentoo.org/glsa/202011-09", "reference_id": "GLSA-202011-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2020-13791" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sy57-hngf-d3gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35375?format=api", "vulnerability_id": "VCID-t44w-g1ys-47e6", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15859.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15859.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09552", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09537", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32434", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32461", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32465", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32427", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.324", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32436", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32562", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32385", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15859" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15859" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859168", "reference_id": "1859168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859168" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965978", "reference_id": "965978", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965978" }, { "reference_url": "https://security.gentoo.org/glsa/202208-27", "reference_id": "GLSA-202208-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4191", "reference_id": "RHSA-2021:4191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4191" }, { "reference_url": "https://usn.ubuntu.com/4725-1/", "reference_id": "USN-4725-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4725-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2020-15859" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t44w-g1ys-47e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61636?format=api", "vulnerability_id": "VCID-zk4y-2xjp-vfcs", "summary": "Multiple vulnerabilities have been found in QEMU, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13659.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13659.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10798", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10933", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10823", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10898", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10951", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10952", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10919", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10896", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10761", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13659" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13659", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13659" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13765" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842496", "reference_id": "1842496", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842496" }, { "reference_url": "https://security.gentoo.org/glsa/202011-09", "reference_id": "GLSA-202011-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-09" }, { "reference_url": "https://usn.ubuntu.com/4467-1/", "reference_id": "USN-4467-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4467-1/" }, { "reference_url": "https://usn.ubuntu.com/4467-2/", "reference_id": "USN-4467-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4467-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388127?format=api", "purl": "pkg:apk/alpine/qemu@5.0.0-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2020-13659" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zk4y-2xjp-vfcs" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.0.0-r0%3Farch=x86&distroversion=v3.18&reponame=community" }