Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/mercurial@3.2.3
Typepypi
Namespace
Namemercurial
Version3.2.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.9
Latest_non_vulnerable_version4.9
Affected_by_vulnerabilities
0
url VCID-1kmd-1kun-qbdd
vulnerability_id VCID-1kmd-1kun-qbdd
summary The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13346.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13346.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-13346
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50184
published_at 2026-04-13T12:55:00Z
1
value 0.00267
scoring_system epss
scoring_elements 0.50228
published_at 2026-04-16T12:55:00Z
2
value 0.00349
scoring_system epss
scoring_elements 0.57447
published_at 2026-04-08T12:55:00Z
3
value 0.00349
scoring_system epss
scoring_elements 0.57394
published_at 2026-04-07T12:55:00Z
4
value 0.00349
scoring_system epss
scoring_elements 0.57418
published_at 2026-04-04T12:55:00Z
5
value 0.00349
scoring_system epss
scoring_elements 0.57442
published_at 2026-04-12T12:55:00Z
6
value 0.00349
scoring_system epss
scoring_elements 0.57465
published_at 2026-04-11T12:55:00Z
7
value 0.00349
scoring_system epss
scoring_elements 0.57449
published_at 2026-04-09T12:55:00Z
8
value 0.00349
scoring_system epss
scoring_elements 0.57395
published_at 2026-04-02T12:55:00Z
9
value 0.00349
scoring_system epss
scoring_elements 0.57313
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-13346
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13346
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
7
reference_url https://www.mercurial-scm.org/repo/hg/rev/faa924469635
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg/rev/faa924469635
8
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594090
reference_id 1594090
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594090
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
reference_id 901050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13346
reference_id CVE-2018-13346
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-13346
13
reference_url https://github.com/advisories/GHSA-9xv4-r2hf-26gh
reference_id GHSA-9xv4-r2hf-26gh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9xv4-r2hf-26gh
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t9gd-va4q-a3ga
1
vulnerability VCID-z346-9s62-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13346, GHSA-9xv4-r2hf-26gh, PYSEC-2018-88
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kmd-1kun-qbdd
1
url VCID-5e12-c4fx-rfa3
vulnerability_id VCID-5e12-c4fx-rfa3
summary The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3105.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3105.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3105
reference_id
reference_type
scores
0
value 0.0118
scoring_system epss
scoring_elements 0.78697
published_at 2026-04-01T12:55:00Z
1
value 0.0118
scoring_system epss
scoring_elements 0.78775
published_at 2026-04-16T12:55:00Z
2
value 0.0118
scoring_system epss
scoring_elements 0.78747
published_at 2026-04-13T12:55:00Z
3
value 0.0118
scoring_system epss
scoring_elements 0.78755
published_at 2026-04-12T12:55:00Z
4
value 0.0118
scoring_system epss
scoring_elements 0.78773
published_at 2026-04-11T12:55:00Z
5
value 0.0118
scoring_system epss
scoring_elements 0.78748
published_at 2026-04-09T12:55:00Z
6
value 0.0118
scoring_system epss
scoring_elements 0.78741
published_at 2026-04-08T12:55:00Z
7
value 0.0118
scoring_system epss
scoring_elements 0.78716
published_at 2026-04-07T12:55:00Z
8
value 0.0118
scoring_system epss
scoring_elements 0.78734
published_at 2026-04-04T12:55:00Z
9
value 0.0118
scoring_system epss
scoring_elements 0.78703
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3105
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-28.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-28.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3105
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3105
7
reference_url https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-19
8
reference_url https://selenic.com/hg/rev/a56296f55a5e
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/hg/rev/a56296f55a5e
9
reference_url https://web.archive.org/web/20200228012056/http://www.securityfocus.com/bid/90536
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228012056/http://www.securityfocus.com/bid/90536
10
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29
11
reference_url http://www.debian.org/security/2016/dsa-3570
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3570
12
reference_url http://www.securityfocus.com/bid/90536
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/90536
13
reference_url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1332945
reference_id 1332945
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1332945
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
17
reference_url https://github.com/advisories/GHSA-49cw-434h-qc57
reference_id GHSA-49cw-434h-qc57
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-49cw-434h-qc57
fixed_packages
0
url pkg:pypi/mercurial@3.8rc0
purl pkg:pypi/mercurial@3.8rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-7vwz-hbq8-c7dr
2
vulnerability VCID-bahp-n5dx-2qeg
3
vulnerability VCID-ck6k-4bcg-6faq
4
vulnerability VCID-hhwu-knps-qqfw
5
vulnerability VCID-nruh-my9y-jqfj
6
vulnerability VCID-t9gd-va4q-a3ga
7
vulnerability VCID-v91s-ety2-x7au
8
vulnerability VCID-z346-9s62-afaz
9
vulnerability VCID-z59g-jz53-cudb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.8rc0
1
url pkg:pypi/mercurial@3.8
purl pkg:pypi/mercurial@3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-7vwz-hbq8-c7dr
2
vulnerability VCID-bahp-n5dx-2qeg
3
vulnerability VCID-ck6k-4bcg-6faq
4
vulnerability VCID-hhwu-knps-qqfw
5
vulnerability VCID-nruh-my9y-jqfj
6
vulnerability VCID-t9gd-va4q-a3ga
7
vulnerability VCID-v91s-ety2-x7au
8
vulnerability VCID-z346-9s62-afaz
9
vulnerability VCID-z59g-jz53-cudb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.8
aliases CVE-2016-3105, GHSA-49cw-434h-qc57, PYSEC-2016-28
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5e12-c4fx-rfa3
2
url VCID-6jye-8j2x-2bgp
vulnerability_id VCID-6jye-8j2x-2bgp
summary The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3630.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3630.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3630
reference_id
reference_type
scores
0
value 0.05192
scoring_system epss
scoring_elements 0.89935
published_at 2026-04-16T12:55:00Z
1
value 0.05192
scoring_system epss
scoring_elements 0.89881
published_at 2026-04-01T12:55:00Z
2
value 0.05192
scoring_system epss
scoring_elements 0.89884
published_at 2026-04-02T12:55:00Z
3
value 0.05192
scoring_system epss
scoring_elements 0.89896
published_at 2026-04-04T12:55:00Z
4
value 0.05192
scoring_system epss
scoring_elements 0.89902
published_at 2026-04-07T12:55:00Z
5
value 0.05192
scoring_system epss
scoring_elements 0.89918
published_at 2026-04-08T12:55:00Z
6
value 0.05192
scoring_system epss
scoring_elements 0.89923
published_at 2026-04-09T12:55:00Z
7
value 0.05192
scoring_system epss
scoring_elements 0.89931
published_at 2026-04-11T12:55:00Z
8
value 0.05192
scoring_system epss
scoring_elements 0.89928
published_at 2026-04-12T12:55:00Z
9
value 0.05192
scoring_system epss
scoring_elements 0.89922
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3630
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-29.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-29.yaml
13
reference_url https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-19
14
reference_url https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf
15
reference_url https://selenic.com/repo/hg-stable/rev/b9714d958e89
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/b9714d958e89
16
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
17
reference_url http://www.debian.org/security/2016/dsa-3542
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3542
18
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1322264
reference_id 1322264
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1322264
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id 819504
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
reference_id cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
reference_id cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
reference_id cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
reference_id cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3630
reference_id CVE-2016-3630
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3630
33
reference_url https://github.com/advisories/GHSA-9vjf-jjcq-3gh7
reference_id GHSA-9vjf-jjcq-3gh7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vjf-jjcq-3gh7
fixed_packages
0
url pkg:pypi/mercurial@3.7.3
purl pkg:pypi/mercurial@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-5e12-c4fx-rfa3
2
vulnerability VCID-7vwz-hbq8-c7dr
3
vulnerability VCID-bahp-n5dx-2qeg
4
vulnerability VCID-ck6k-4bcg-6faq
5
vulnerability VCID-hhwu-knps-qqfw
6
vulnerability VCID-nruh-my9y-jqfj
7
vulnerability VCID-t9gd-va4q-a3ga
8
vulnerability VCID-v91s-ety2-x7au
9
vulnerability VCID-z346-9s62-afaz
10
vulnerability VCID-z59g-jz53-cudb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.7.3
aliases CVE-2016-3630, GHSA-9vjf-jjcq-3gh7, PYSEC-2016-29
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jye-8j2x-2bgp
3
url VCID-7vwz-hbq8-c7dr
vulnerability_id VCID-7vwz-hbq8-c7dr
summary In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1576
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1576
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9462.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9462.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9462
reference_id
reference_type
scores
0
value 0.48699
scoring_system epss
scoring_elements 0.97754
published_at 2026-04-12T12:55:00Z
1
value 0.48699
scoring_system epss
scoring_elements 0.97761
published_at 2026-04-16T12:55:00Z
2
value 0.48699
scoring_system epss
scoring_elements 0.97755
published_at 2026-04-13T12:55:00Z
3
value 0.48699
scoring_system epss
scoring_elements 0.97752
published_at 2026-04-11T12:55:00Z
4
value 0.48699
scoring_system epss
scoring_elements 0.9775
published_at 2026-04-09T12:55:00Z
5
value 0.48699
scoring_system epss
scoring_elements 0.97746
published_at 2026-04-08T12:55:00Z
6
value 0.48699
scoring_system epss
scoring_elements 0.97741
published_at 2026-04-07T12:55:00Z
7
value 0.48699
scoring_system epss
scoring_elements 0.9774
published_at 2026-04-04T12:55:00Z
8
value 0.48699
scoring_system epss
scoring_elements 0.97738
published_at 2026-04-02T12:55:00Z
9
value 0.48699
scoring_system epss
scoring_elements 0.97732
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9462
3
reference_url https://bugs.debian.org/861243
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/861243
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9462
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9462
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:C/I:C/A:C
1
value 9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-ghjx-3jg5-h6r2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-ghjx-3jg5-h6r2
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-91.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-91.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
9
reference_url https://security.gentoo.org/glsa/201709-18
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201709-18
10
reference_url https://web.archive.org/web/20200227162318/http://www.securityfocus.com/bid/99123
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227162318/http://www.securityfocus.com/bid/99123
11
reference_url https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
12
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
13
reference_url http://www.debian.org/security/2017/dsa-3963
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2017/dsa-3963
14
reference_url http://www.securityfocus.com/bid/99123
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99123
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1459482
reference_id 1459482
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1459482
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861243
reference_id 861243
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861243
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9462
reference_id CVE-2017-9462
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-9462
fixed_packages
0
url pkg:pypi/mercurial@4.1.3
purl pkg:pypi/mercurial@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-bahp-n5dx-2qeg
2
vulnerability VCID-ck6k-4bcg-6faq
3
vulnerability VCID-hhwu-knps-qqfw
4
vulnerability VCID-nruh-my9y-jqfj
5
vulnerability VCID-t9gd-va4q-a3ga
6
vulnerability VCID-v91s-ety2-x7au
7
vulnerability VCID-z346-9s62-afaz
8
vulnerability VCID-z59g-jz53-cudb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.1.3
aliases CVE-2017-9462, GHSA-ghjx-3jg5-h6r2, PYSEC-2017-91
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7vwz-hbq8-c7dr
4
url VCID-bahp-n5dx-2qeg
vulnerability_id VCID-bahp-n5dx-2qeg
summary Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000132.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000132.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000132
reference_id
reference_type
scores
0
value 0.006
scoring_system epss
scoring_elements 0.69438
published_at 2026-04-13T12:55:00Z
1
value 0.006
scoring_system epss
scoring_elements 0.69476
published_at 2026-04-16T12:55:00Z
2
value 0.00783
scoring_system epss
scoring_elements 0.73686
published_at 2026-04-07T12:55:00Z
3
value 0.00783
scoring_system epss
scoring_elements 0.73734
published_at 2026-04-09T12:55:00Z
4
value 0.00783
scoring_system epss
scoring_elements 0.73721
published_at 2026-04-08T12:55:00Z
5
value 0.00783
scoring_system epss
scoring_elements 0.73738
published_at 2026-04-12T12:55:00Z
6
value 0.00783
scoring_system epss
scoring_elements 0.73756
published_at 2026-04-11T12:55:00Z
7
value 0.00783
scoring_system epss
scoring_elements 0.73681
published_at 2026-04-01T12:55:00Z
8
value 0.00783
scoring_system epss
scoring_elements 0.7369
published_at 2026-04-02T12:55:00Z
9
value 0.00783
scoring_system epss
scoring_elements 0.73714
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000132
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000132
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000132
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html
7
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
8
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
9
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1553265
reference_id 1553265
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1553265
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892964
reference_id 892964
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892964
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000132
reference_id CVE-2018-1000132
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000132
13
reference_url https://github.com/advisories/GHSA-4mr4-7vjv-9hm6
reference_id GHSA-4mr4-7vjv-9hm6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4mr4-7vjv-9hm6
fixed_packages
0
url pkg:pypi/mercurial@4.5.1
purl pkg:pypi/mercurial@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-hhwu-knps-qqfw
2
vulnerability VCID-t9gd-va4q-a3ga
3
vulnerability VCID-v91s-ety2-x7au
4
vulnerability VCID-z346-9s62-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.5.1
aliases CVE-2018-1000132, GHSA-4mr4-7vjv-9hm6, PYSEC-2018-87
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bahp-n5dx-2qeg
5
url VCID-ck6k-4bcg-6faq
vulnerability_id VCID-ck6k-4bcg-6faq
summary Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2489
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2489
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000116.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000116.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000116
reference_id
reference_type
scores
0
value 0.06641
scoring_system epss
scoring_elements 0.91191
published_at 2026-04-09T12:55:00Z
1
value 0.06641
scoring_system epss
scoring_elements 0.91224
published_at 2026-04-16T12:55:00Z
2
value 0.06641
scoring_system epss
scoring_elements 0.912
published_at 2026-04-13T12:55:00Z
3
value 0.06641
scoring_system epss
scoring_elements 0.91201
published_at 2026-04-12T12:55:00Z
4
value 0.06641
scoring_system epss
scoring_elements 0.91197
published_at 2026-04-11T12:55:00Z
5
value 0.06641
scoring_system epss
scoring_elements 0.91184
published_at 2026-04-08T12:55:00Z
6
value 0.06641
scoring_system epss
scoring_elements 0.91171
published_at 2026-04-07T12:55:00Z
7
value 0.06641
scoring_system epss
scoring_elements 0.91163
published_at 2026-04-04T12:55:00Z
8
value 0.06641
scoring_system epss
scoring_elements 0.91154
published_at 2026-04-02T12:55:00Z
9
value 0.06641
scoring_system epss
scoring_elements 0.91149
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000116
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
1
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml
7
reference_url https://security.gentoo.org/glsa/201709-18
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201709-18
8
reference_url https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290
9
reference_url https://wiki.mercurial-scm.org/WhatsNew/Archive
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://wiki.mercurial-scm.org/WhatsNew/Archive
10
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
11
reference_url http://www.debian.org/security/2017/dsa-3963
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2017/dsa-3963
12
reference_url http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100290
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1479915
reference_id 1479915
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1479915
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871710
reference_id 871710
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871710
15
reference_url https://security.archlinux.org/ASA-201708-7
reference_id ASA-201708-7
reference_type
scores
url https://security.archlinux.org/ASA-201708-7
16
reference_url https://security.archlinux.org/AVG-378
reference_id AVG-378
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-378
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000116
reference_id CVE-2017-1000116
reference_type
scores
0
value 10.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:C/I:C/A:C
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000116
31
reference_url https://github.com/advisories/GHSA-3qmg-c9vc-r47j
reference_id GHSA-3qmg-c9vc-r47j
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3qmg-c9vc-r47j
fixed_packages
0
url pkg:pypi/mercurial@4.3
purl pkg:pypi/mercurial@4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-bahp-n5dx-2qeg
2
vulnerability VCID-hhwu-knps-qqfw
3
vulnerability VCID-nruh-my9y-jqfj
4
vulnerability VCID-t9gd-va4q-a3ga
5
vulnerability VCID-v91s-ety2-x7au
6
vulnerability VCID-z346-9s62-afaz
7
vulnerability VCID-z59g-jz53-cudb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.3
aliases CVE-2017-1000116, GHSA-3qmg-c9vc-r47j, PYSEC-2017-89
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ck6k-4bcg-6faq
6
url VCID-hhwu-knps-qqfw
vulnerability_id VCID-hhwu-knps-qqfw
summary mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13347.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13347.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-13347
reference_id
reference_type
scores
0
value 0.01158
scoring_system epss
scoring_elements 0.78599
published_at 2026-04-11T12:55:00Z
1
value 0.01158
scoring_system epss
scoring_elements 0.78574
published_at 2026-04-09T12:55:00Z
2
value 0.01158
scoring_system epss
scoring_elements 0.78523
published_at 2026-04-01T12:55:00Z
3
value 0.01158
scoring_system epss
scoring_elements 0.7856
published_at 2026-04-04T12:55:00Z
4
value 0.01158
scoring_system epss
scoring_elements 0.786
published_at 2026-04-16T12:55:00Z
5
value 0.01158
scoring_system epss
scoring_elements 0.78572
published_at 2026-04-13T12:55:00Z
6
value 0.01158
scoring_system epss
scoring_elements 0.7858
published_at 2026-04-12T12:55:00Z
7
value 0.01158
scoring_system epss
scoring_elements 0.7853
published_at 2026-04-02T12:55:00Z
8
value 0.01158
scoring_system epss
scoring_elements 0.78569
published_at 2026-04-08T12:55:00Z
9
value 0.01158
scoring_system epss
scoring_elements 0.78543
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-13347
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13347
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13347
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
7
reference_url https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
8
reference_url https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
9
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594087
reference_id 1594087
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594087
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
reference_id 901050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13347
reference_id CVE-2018-13347
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-13347
14
reference_url https://github.com/advisories/GHSA-3mjj-mr4f-qxmx
reference_id GHSA-3mjj-mr4f-qxmx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3mjj-mr4f-qxmx
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t9gd-va4q-a3ga
1
vulnerability VCID-z346-9s62-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13347, GHSA-3mjj-mr4f-qxmx, PYSEC-2018-89
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhwu-knps-qqfw
7
url VCID-nruh-my9y-jqfj
vulnerability_id VCID-nruh-my9y-jqfj
summary In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17458.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17458.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17458
reference_id
reference_type
scores
0
value 0.17249
scoring_system epss
scoring_elements 0.95041
published_at 2026-04-16T12:55:00Z
1
value 0.17249
scoring_system epss
scoring_elements 0.95032
published_at 2026-04-13T12:55:00Z
2
value 0.17249
scoring_system epss
scoring_elements 0.95006
published_at 2026-04-02T12:55:00Z
3
value 0.17249
scoring_system epss
scoring_elements 0.94996
published_at 2026-04-01T12:55:00Z
4
value 0.17249
scoring_system epss
scoring_elements 0.95029
published_at 2026-04-12T12:55:00Z
5
value 0.17249
scoring_system epss
scoring_elements 0.95028
published_at 2026-04-11T12:55:00Z
6
value 0.17249
scoring_system epss
scoring_elements 0.95022
published_at 2026-04-09T12:55:00Z
7
value 0.17249
scoring_system epss
scoring_elements 0.95018
published_at 2026-04-08T12:55:00Z
8
value 0.17249
scoring_system epss
scoring_elements 0.9501
published_at 2026-04-07T12:55:00Z
9
value 0.17249
scoring_system epss
scoring_elements 0.95007
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17458
2
reference_url https://bz.mercurial-scm.org/show_bug.cgi?id=5730
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bz.mercurial-scm.org/show_bug.cgi?id=5730
3
reference_url https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17458
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17458
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/dscho/hg
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dscho/hg
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-90.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-90.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html
9
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
10
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html
11
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
12
reference_url https://web.archive.org/web/20200227132808/http://www.securityfocus.com/bid/102926
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227132808/http://www.securityfocus.com/bid/102926
13
reference_url https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
14
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29
15
reference_url http://www.securityfocus.com/bid/102926
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/102926
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1509868
reference_id 1509868
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1509868
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17458
reference_id CVE-2017-17458
reference_type
scores
0
value 10.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:C/I:C/A:C
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-17458
21
reference_url https://github.com/advisories/GHSA-6v56-cpg6-3rpx
reference_id GHSA-6v56-cpg6-3rpx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6v56-cpg6-3rpx
fixed_packages
0
url pkg:pypi/mercurial@4.4.1
purl pkg:pypi/mercurial@4.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-bahp-n5dx-2qeg
2
vulnerability VCID-hhwu-knps-qqfw
3
vulnerability VCID-t9gd-va4q-a3ga
4
vulnerability VCID-v91s-ety2-x7au
5
vulnerability VCID-z346-9s62-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.4.1
aliases CVE-2017-17458, GHSA-6v56-cpg6-3rpx, PYSEC-2017-90
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nruh-my9y-jqfj
8
url VCID-qs77-k84k-qfam
vulnerability_id VCID-qs77-k84k-qfam
summary Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2016-0706.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0706.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3068.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3068.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3068
reference_id
reference_type
scores
0
value 0.05001
scoring_system epss
scoring_elements 0.89715
published_at 2026-04-12T12:55:00Z
1
value 0.05001
scoring_system epss
scoring_elements 0.89717
published_at 2026-04-11T12:55:00Z
2
value 0.05001
scoring_system epss
scoring_elements 0.89709
published_at 2026-04-13T12:55:00Z
3
value 0.05001
scoring_system epss
scoring_elements 0.89703
published_at 2026-04-08T12:55:00Z
4
value 0.05001
scoring_system epss
scoring_elements 0.89686
published_at 2026-04-07T12:55:00Z
5
value 0.05001
scoring_system epss
scoring_elements 0.89684
published_at 2026-04-04T12:55:00Z
6
value 0.05001
scoring_system epss
scoring_elements 0.89667
published_at 2026-04-01T12:55:00Z
7
value 0.05001
scoring_system epss
scoring_elements 0.89724
published_at 2026-04-16T12:55:00Z
8
value 0.05001
scoring_system epss
scoring_elements 0.89669
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3068
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
12
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-26.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-26.yaml
14
reference_url https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-19
15
reference_url https://selenic.com/repo/hg-stable/rev/34d43cb85de8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/34d43cb85de8
16
reference_url https://web.archive.org/web/20200228003737/http://www.securityfocus.com/bid/85733
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228003737/http://www.securityfocus.com/bid/85733
17
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
18
reference_url http://www.debian.org/security/2016/dsa-3542
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3542
19
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
20
reference_url http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
21
reference_url http://www.securityfocus.com/bid/85733
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/85733
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1319768
reference_id 1319768
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1319768
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id 819504
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
reference_id cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
reference_id cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
reference_id cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
reference_id cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3068
reference_id CVE-2016-3068
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3068
43
reference_url https://github.com/advisories/GHSA-j7c2-rqm3-c97m
reference_id GHSA-j7c2-rqm3-c97m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j7c2-rqm3-c97m
44
reference_url https://access.redhat.com/errata/RHSA-2016:0706
reference_id RHSA-2016:0706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0706
fixed_packages
0
url pkg:pypi/mercurial@3.7.3
purl pkg:pypi/mercurial@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-5e12-c4fx-rfa3
2
vulnerability VCID-7vwz-hbq8-c7dr
3
vulnerability VCID-bahp-n5dx-2qeg
4
vulnerability VCID-ck6k-4bcg-6faq
5
vulnerability VCID-hhwu-knps-qqfw
6
vulnerability VCID-nruh-my9y-jqfj
7
vulnerability VCID-t9gd-va4q-a3ga
8
vulnerability VCID-v91s-ety2-x7au
9
vulnerability VCID-z346-9s62-afaz
10
vulnerability VCID-z59g-jz53-cudb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.7.3
aliases CVE-2016-3068, GHSA-j7c2-rqm3-c97m, PYSEC-2016-26
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs77-k84k-qfam
9
url VCID-t9gd-va4q-a3ga
vulnerability_id VCID-t9gd-va4q-a3ga
summary cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17983.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17983.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17983
reference_id
reference_type
scores
0
value 0.00448
scoring_system epss
scoring_elements 0.63571
published_at 2026-04-16T12:55:00Z
1
value 0.00448
scoring_system epss
scoring_elements 0.63585
published_at 2026-04-11T12:55:00Z
2
value 0.00448
scoring_system epss
scoring_elements 0.63448
published_at 2026-04-01T12:55:00Z
3
value 0.00448
scoring_system epss
scoring_elements 0.63569
published_at 2026-04-12T12:55:00Z
4
value 0.00448
scoring_system epss
scoring_elements 0.63551
published_at 2026-04-08T12:55:00Z
5
value 0.00448
scoring_system epss
scoring_elements 0.635
published_at 2026-04-07T12:55:00Z
6
value 0.00448
scoring_system epss
scoring_elements 0.63535
published_at 2026-04-13T12:55:00Z
7
value 0.00448
scoring_system epss
scoring_elements 0.63508
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17983
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17983
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17983
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml
5
reference_url https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
6
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1637556
reference_id 1637556
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1637556
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17983
reference_id CVE-2018-17983
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17983
9
reference_url https://github.com/advisories/GHSA-p575-cf9h-wv42
reference_id GHSA-p575-cf9h-wv42
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p575-cf9h-wv42
10
reference_url https://usn.ubuntu.com/5102-1/
reference_id USN-5102-1
reference_type
scores
url https://usn.ubuntu.com/5102-1/
11
reference_url https://usn.ubuntu.com/USN-5102-2/
reference_id USN-USN-5102-2
reference_type
scores
url https://usn.ubuntu.com/USN-5102-2/
fixed_packages
0
url pkg:pypi/mercurial@4.7.2
purl pkg:pypi/mercurial@4.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-z346-9s62-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.7.2
aliases CVE-2018-17983, GHSA-p575-cf9h-wv42, PYSEC-2018-91
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9gd-va4q-a3ga
10
url VCID-tks6-8etr-mkf1
vulnerability_id VCID-tks6-8etr-mkf1
summary The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.
references
0
reference_url http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-03/msg00085.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-03/msg00085.html
2
reference_url http://mercurial.selenic.com/wiki/WhatsNew
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://mercurial.selenic.com/wiki/WhatsNew
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9462.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9462.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9462
reference_id
reference_type
scores
0
value 0.01129
scoring_system epss
scoring_elements 0.78309
published_at 2026-04-13T12:55:00Z
1
value 0.01129
scoring_system epss
scoring_elements 0.78315
published_at 2026-04-12T12:55:00Z
2
value 0.01129
scoring_system epss
scoring_elements 0.78332
published_at 2026-04-11T12:55:00Z
3
value 0.01129
scoring_system epss
scoring_elements 0.78306
published_at 2026-04-09T12:55:00Z
4
value 0.01129
scoring_system epss
scoring_elements 0.783
published_at 2026-04-08T12:55:00Z
5
value 0.01129
scoring_system epss
scoring_elements 0.78274
published_at 2026-04-07T12:55:00Z
6
value 0.01129
scoring_system epss
scoring_elements 0.78338
published_at 2026-04-16T12:55:00Z
7
value 0.01289
scoring_system epss
scoring_elements 0.7961
published_at 2026-04-02T12:55:00Z
8
value 0.01289
scoring_system epss
scoring_elements 0.79632
published_at 2026-04-04T12:55:00Z
9
value 0.01289
scoring_system epss
scoring_elements 0.79603
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9462
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2015-14.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2015-14.yaml
7
reference_url https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-19
8
reference_url http://www.debian.org/security/2015/dsa-3257
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3257
9
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
10
reference_url http://www.osvdb.org/119816
reference_id
reference_type
scores
url http://www.osvdb.org/119816
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1204807
reference_id 1204807
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1204807
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783237
reference_id 783237
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783237
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9462
reference_id CVE-2014-9462
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-9462
14
reference_url https://github.com/advisories/GHSA-3pmw-h7j4-rf54
reference_id GHSA-3pmw-h7j4-rf54
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3pmw-h7j4-rf54
fixed_packages
0
url pkg:pypi/mercurial@3.2.4
purl pkg:pypi/mercurial@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-5e12-c4fx-rfa3
2
vulnerability VCID-6jye-8j2x-2bgp
3
vulnerability VCID-7vwz-hbq8-c7dr
4
vulnerability VCID-bahp-n5dx-2qeg
5
vulnerability VCID-ck6k-4bcg-6faq
6
vulnerability VCID-hhwu-knps-qqfw
7
vulnerability VCID-nruh-my9y-jqfj
8
vulnerability VCID-qs77-k84k-qfam
9
vulnerability VCID-t9gd-va4q-a3ga
10
vulnerability VCID-v91s-ety2-x7au
11
vulnerability VCID-z346-9s62-afaz
12
vulnerability VCID-z59g-jz53-cudb
13
vulnerability VCID-znz1-y81d-zfff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.2.4
aliases CVE-2014-9462, GHSA-3pmw-h7j4-rf54, PYSEC-2015-14
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tks6-8etr-mkf1
11
url VCID-v91s-ety2-x7au
vulnerability_id VCID-v91s-ety2-x7au
summary The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13348.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13348.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-13348
reference_id
reference_type
scores
0
value 0.00613
scoring_system epss
scoring_elements 0.69876
published_at 2026-04-16T12:55:00Z
1
value 0.00613
scoring_system epss
scoring_elements 0.69773
published_at 2026-04-01T12:55:00Z
2
value 0.00613
scoring_system epss
scoring_elements 0.69785
published_at 2026-04-02T12:55:00Z
3
value 0.00613
scoring_system epss
scoring_elements 0.69801
published_at 2026-04-04T12:55:00Z
4
value 0.00613
scoring_system epss
scoring_elements 0.69777
published_at 2026-04-07T12:55:00Z
5
value 0.00613
scoring_system epss
scoring_elements 0.69825
published_at 2026-04-08T12:55:00Z
6
value 0.00613
scoring_system epss
scoring_elements 0.6984
published_at 2026-04-09T12:55:00Z
7
value 0.00613
scoring_system epss
scoring_elements 0.69863
published_at 2026-04-11T12:55:00Z
8
value 0.00613
scoring_system epss
scoring_elements 0.69849
published_at 2026-04-12T12:55:00Z
9
value 0.00613
scoring_system epss
scoring_elements 0.69834
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-13348
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13348
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13348
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml
5
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
6
reference_url https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
7
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594083
reference_id 1594083
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594083
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
reference_id 901050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13348
reference_id CVE-2018-13348
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-13348
12
reference_url https://github.com/advisories/GHSA-3v62-ww8w-758m
reference_id GHSA-3v62-ww8w-758m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3v62-ww8w-758m
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t9gd-va4q-a3ga
1
vulnerability VCID-z346-9s62-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13348, GHSA-3v62-ww8w-758m, PYSEC-2018-90
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v91s-ety2-x7au
12
url VCID-z346-9s62-afaz
vulnerability_id VCID-z346-9s62-afaz
summary A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3902
reference_id
reference_type
scores
0
value 0.00531
scoring_system epss
scoring_elements 0.67265
published_at 2026-04-13T12:55:00Z
1
value 0.00531
scoring_system epss
scoring_elements 0.67252
published_at 2026-04-04T12:55:00Z
2
value 0.00531
scoring_system epss
scoring_elements 0.673
published_at 2026-04-16T12:55:00Z
3
value 0.00531
scoring_system epss
scoring_elements 0.67314
published_at 2026-04-11T12:55:00Z
4
value 0.00531
scoring_system epss
scoring_elements 0.67294
published_at 2026-04-09T12:55:00Z
5
value 0.00531
scoring_system epss
scoring_elements 0.67281
published_at 2026-04-08T12:55:00Z
6
value 0.00531
scoring_system epss
scoring_elements 0.67191
published_at 2026-04-01T12:55:00Z
7
value 0.00531
scoring_system epss
scoring_elements 0.67229
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3902
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
7
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
8
reference_url https://usn.ubuntu.com/4086-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4086-1
9
reference_url https://usn.ubuntu.com/4086-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4086-1/
10
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1696025
reference_id 1696025
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1696025
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
reference_id 927674
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3902
reference_id CVE-2019-3902
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3902
14
reference_url https://github.com/advisories/GHSA-mq66-vcfc-8246
reference_id GHSA-mq66-vcfc-8246
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mq66-vcfc-8246
15
reference_url https://usn.ubuntu.com/5102-1/
reference_id USN-5102-1
reference_type
scores
url https://usn.ubuntu.com/5102-1/
16
reference_url https://usn.ubuntu.com/USN-5102-2/
reference_id USN-USN-5102-2
reference_type
scores
url https://usn.ubuntu.com/USN-5102-2/
fixed_packages
0
url pkg:pypi/mercurial@4.9
purl pkg:pypi/mercurial@4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.9
aliases CVE-2019-3902, GHSA-mq66-vcfc-8246, PYSEC-2019-188
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z346-9s62-afaz
13
url VCID-z59g-jz53-cudb
vulnerability_id VCID-z59g-jz53-cudb
summary Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2489
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2489
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000115.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000115.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000115
reference_id
reference_type
scores
0
value 0.02142
scoring_system epss
scoring_elements 0.84159
published_at 2026-04-02T12:55:00Z
1
value 0.02142
scoring_system epss
scoring_elements 0.84237
published_at 2026-04-16T12:55:00Z
2
value 0.02142
scoring_system epss
scoring_elements 0.84216
published_at 2026-04-13T12:55:00Z
3
value 0.02142
scoring_system epss
scoring_elements 0.8422
published_at 2026-04-12T12:55:00Z
4
value 0.02142
scoring_system epss
scoring_elements 0.84225
published_at 2026-04-11T12:55:00Z
5
value 0.02142
scoring_system epss
scoring_elements 0.84207
published_at 2026-04-09T12:55:00Z
6
value 0.02142
scoring_system epss
scoring_elements 0.84201
published_at 2026-04-08T12:55:00Z
7
value 0.02142
scoring_system epss
scoring_elements 0.84179
published_at 2026-04-07T12:55:00Z
8
value 0.02142
scoring_system epss
scoring_elements 0.84178
published_at 2026-04-04T12:55:00Z
9
value 0.02142
scoring_system epss
scoring_elements 0.84146
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000115
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:P
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml
7
reference_url https://security.gentoo.org/glsa/201709-18
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201709-18
8
reference_url https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290
9
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
10
reference_url http://www.debian.org/security/2017/dsa-3963
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2017/dsa-3963
11
reference_url http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100290
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1480330
reference_id 1480330
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1480330
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871709
reference_id 871709
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871709
14
reference_url https://security.archlinux.org/ASA-201708-7
reference_id ASA-201708-7
reference_type
scores
url https://security.archlinux.org/ASA-201708-7
15
reference_url https://security.archlinux.org/AVG-378
reference_id AVG-378
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-378
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000115
reference_id CVE-2017-1000115
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000115
30
reference_url https://github.com/advisories/GHSA-hvr9-wr9p-grgr
reference_id GHSA-hvr9-wr9p-grgr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hvr9-wr9p-grgr
fixed_packages
0
url pkg:pypi/mercurial@4.3
purl pkg:pypi/mercurial@4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-bahp-n5dx-2qeg
2
vulnerability VCID-hhwu-knps-qqfw
3
vulnerability VCID-nruh-my9y-jqfj
4
vulnerability VCID-t9gd-va4q-a3ga
5
vulnerability VCID-v91s-ety2-x7au
6
vulnerability VCID-z346-9s62-afaz
7
vulnerability VCID-z59g-jz53-cudb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.3
1
url pkg:pypi/mercurial@4.3.1
purl pkg:pypi/mercurial@4.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-bahp-n5dx-2qeg
2
vulnerability VCID-hhwu-knps-qqfw
3
vulnerability VCID-nruh-my9y-jqfj
4
vulnerability VCID-t9gd-va4q-a3ga
5
vulnerability VCID-v91s-ety2-x7au
6
vulnerability VCID-z346-9s62-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.3.1
aliases CVE-2017-1000115, GHSA-hvr9-wr9p-grgr, PYSEC-2017-88
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z59g-jz53-cudb
14
url VCID-znz1-y81d-zfff
vulnerability_id VCID-znz1-y81d-zfff
summary Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2016-0706.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0706.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3069.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3069.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3069
reference_id
reference_type
scores
0
value 0.0283
scoring_system epss
scoring_elements 0.86195
published_at 2026-04-16T12:55:00Z
1
value 0.0283
scoring_system epss
scoring_elements 0.86113
published_at 2026-04-01T12:55:00Z
2
value 0.0283
scoring_system epss
scoring_elements 0.86123
published_at 2026-04-02T12:55:00Z
3
value 0.0283
scoring_system epss
scoring_elements 0.86139
published_at 2026-04-07T12:55:00Z
4
value 0.0283
scoring_system epss
scoring_elements 0.86158
published_at 2026-04-08T12:55:00Z
5
value 0.0283
scoring_system epss
scoring_elements 0.8617
published_at 2026-04-09T12:55:00Z
6
value 0.0283
scoring_system epss
scoring_elements 0.86184
published_at 2026-04-11T12:55:00Z
7
value 0.0283
scoring_system epss
scoring_elements 0.86182
published_at 2026-04-12T12:55:00Z
8
value 0.0283
scoring_system epss
scoring_elements 0.86178
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3069
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
12
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml
14
reference_url https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-19
15
reference_url https://selenic.com/repo/hg-stable/rev/197eed39e3d5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/197eed39e3d5
16
reference_url https://selenic.com/repo/hg-stable/rev/80cac1de6aea
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/80cac1de6aea
17
reference_url https://selenic.com/repo/hg-stable/rev/ae279d4a19e9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/ae279d4a19e9
18
reference_url https://selenic.com/repo/hg-stable/rev/b732e7f2aba4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/b732e7f2aba4
19
reference_url https://selenic.com/repo/hg-stable/rev/cdda7b96afff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/cdda7b96afff
20
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
21
reference_url http://www.debian.org/security/2016/dsa-3542
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3542
22
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
23
reference_url http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1320155
reference_id 1320155
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1320155
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id 819504
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
reference_id cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
reference_id cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
reference_id cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
reference_id cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3069
reference_id CVE-2016-3069
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3069
45
reference_url https://github.com/advisories/GHSA-8fm8-7365-5rh2
reference_id GHSA-8fm8-7365-5rh2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8fm8-7365-5rh2
46
reference_url https://access.redhat.com/errata/RHSA-2016:0706
reference_id RHSA-2016:0706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0706
fixed_packages
0
url pkg:pypi/mercurial@3.7.3
purl pkg:pypi/mercurial@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-5e12-c4fx-rfa3
2
vulnerability VCID-7vwz-hbq8-c7dr
3
vulnerability VCID-bahp-n5dx-2qeg
4
vulnerability VCID-ck6k-4bcg-6faq
5
vulnerability VCID-hhwu-knps-qqfw
6
vulnerability VCID-nruh-my9y-jqfj
7
vulnerability VCID-t9gd-va4q-a3ga
8
vulnerability VCID-v91s-ety2-x7au
9
vulnerability VCID-z346-9s62-afaz
10
vulnerability VCID-z59g-jz53-cudb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.7.3
aliases CVE-2016-3069, GHSA-8fm8-7365-5rh2, PYSEC-2016-27
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znz1-y81d-zfff
Fixing_vulnerabilities
0
url VCID-j1c4-rux6-wygr
vulnerability_id VCID-j1c4-rux6-wygr
summary Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
references
0
reference_url http://article.gmane.org/gmane.linux.kernel/1853266
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://article.gmane.org/gmane.linux.kernel/1853266
1
reference_url http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html
2
reference_url http://mercurial.selenic.com/wiki/WhatsNew
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://mercurial.selenic.com/wiki/WhatsNew
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9390.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9390.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9390
reference_id
reference_type
scores
0
value 0.77155
scoring_system epss
scoring_elements 0.98972
published_at 2026-04-16T12:55:00Z
1
value 0.77155
scoring_system epss
scoring_elements 0.98968
published_at 2026-04-09T12:55:00Z
2
value 0.77155
scoring_system epss
scoring_elements 0.98967
published_at 2026-04-07T12:55:00Z
3
value 0.77155
scoring_system epss
scoring_elements 0.98965
published_at 2026-04-04T12:55:00Z
4
value 0.77155
scoring_system epss
scoring_elements 0.98962
published_at 2026-04-02T12:55:00Z
5
value 0.77155
scoring_system epss
scoring_elements 0.98961
published_at 2026-04-01T12:55:00Z
6
value 0.77155
scoring_system epss
scoring_elements 0.9897
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9390
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390
6
reference_url http://securitytracker.com/id?1031404
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://securitytracker.com/id?1031404
7
reference_url https://github.com/blog/1938-git-client-vulnerability-announced
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/blog/1938-git-client-vulnerability-announced
8
reference_url https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
reference_id
reference_type
scores
url https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
9
reference_url https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915
10
reference_url https://github.com/libgit2/libgit2/releases/tag/v0.21.3
reference_id
reference_type
scores
url https://github.com/libgit2/libgit2/releases/tag/v0.21.3
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2020-217.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2020-217.yaml
12
reference_url https://libgit2.org/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://libgit2.org/security
13
reference_url https://libgit2.org/security/
reference_id
reference_type
scores
url https://libgit2.org/security/
14
reference_url https://news.ycombinator.com/item?id=8769667
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://news.ycombinator.com/item?id=8769667
15
reference_url https://projects.eclipse.org/projects/technology.jgit/releases/3.5.3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://projects.eclipse.org/projects/technology.jgit/releases/3.5.3
16
reference_url http://support.apple.com/kb/HT204147
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT204147
17
reference_url https://web.archive.org/web/20211204220400/https://securitytracker.com/id?1031404
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20211204220400/https://securitytracker.com/id?1031404
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1175960
reference_id 1175960
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1175960
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773640
reference_id 773640
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773640
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774048
reference_id 774048
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774048
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774050
reference_id 774050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774050
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9390
reference_id CVE-2014-9390
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-9390
23
reference_url https://github.com/advisories/GHSA-6vvc-c2m3-cjf3
reference_id GHSA-6vvc-c2m3-cjf3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6vvc-c2m3-cjf3
24
reference_url https://security.gentoo.org/glsa/201509-06
reference_id GLSA-201509-06
reference_type
scores
url https://security.gentoo.org/glsa/201509-06
25
reference_url https://usn.ubuntu.com/2470-1/
reference_id USN-2470-1
reference_type
scores
url https://usn.ubuntu.com/2470-1/
fixed_packages
0
url pkg:pypi/mercurial@3.2.3
purl pkg:pypi/mercurial@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kmd-1kun-qbdd
1
vulnerability VCID-5e12-c4fx-rfa3
2
vulnerability VCID-6jye-8j2x-2bgp
3
vulnerability VCID-7vwz-hbq8-c7dr
4
vulnerability VCID-bahp-n5dx-2qeg
5
vulnerability VCID-ck6k-4bcg-6faq
6
vulnerability VCID-hhwu-knps-qqfw
7
vulnerability VCID-nruh-my9y-jqfj
8
vulnerability VCID-qs77-k84k-qfam
9
vulnerability VCID-t9gd-va4q-a3ga
10
vulnerability VCID-tks6-8etr-mkf1
11
vulnerability VCID-v91s-ety2-x7au
12
vulnerability VCID-z346-9s62-afaz
13
vulnerability VCID-z59g-jz53-cudb
14
vulnerability VCID-znz1-y81d-zfff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.2.3
aliases CVE-2014-9390, GHSA-6vvc-c2m3-cjf3, PYSEC-2020-217
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1c4-rux6-wygr
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.2.3