Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/397727?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "type": "apk", "namespace": "alpine", "name": "qt6-qtwebengine", "version": "6.8.3-r1", "qualifiers": { "arch": "x86", "distroversion": "v3.22", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "6.8.3-r2", "latest_non_vulnerable_version": "6.8.3-r6", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96742?format=api", "vulnerability_id": "VCID-2rju-kk9j-1kbb", "summary": "Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31598", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31672", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31676", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31726", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31771", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3159", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31642", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5065" }, { "reference_url": "https://issues.chromium.org/issues/40059071", "reference_id": "40059071", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:33:16Z/" } ], "url": "https://issues.chromium.org/issues/40059071" }, { "reference_url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html", "reference_id": "stable-channel-update-for-desktop_27.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:33:16Z/" } ], "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-5065" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2rju-kk9j-1kbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96741?format=api", "vulnerability_id": "VCID-34ga-6n2z-4bcm", "summary": "Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32135", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32203", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32206", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32167", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32264", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32302", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32176", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5064" }, { "reference_url": "https://issues.chromium.org/issues/40058068", "reference_id": "40058068", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:34:05Z/" } ], "url": "https://issues.chromium.org/issues/40058068" }, { "reference_url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html", "reference_id": "stable-channel-update-for-desktop_27.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:34:05Z/" } ], "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-5064" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34ga-6n2z-4bcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96938?format=api", "vulnerability_id": "VCID-43dh-62vg-myda", "summary": "Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7656", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23729", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23816", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23831", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23787", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2387", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23699", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2377", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7656" }, { "reference_url": "https://issues.chromium.org/issues/425583995", "reference_id": "425583995", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-16T03:56:05Z/" } ], "url": "https://issues.chromium.org/issues/425583995" }, { "reference_url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-16T03:56:05Z/" } ], "url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-7656" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43dh-62vg-myda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96428?format=api", "vulnerability_id": "VCID-8sah-61zb-cbb8", "summary": "Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05839", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06763", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06742", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06776", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06777", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06769", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06693", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10201" }, { "reference_url": "https://issues.chromium.org/issues/439305148", "reference_id": "439305148", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T19:22:27Z/" } ], "url": "https://issues.chromium.org/issues/439305148" }, { "reference_url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html", "reference_id": "stable-channel-update-for-desktop_9.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T19:22:27Z/" } ], "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-10201" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sah-61zb-cbb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96740?format=api", "vulnerability_id": "VCID-8vsf-szma-sbad", "summary": "Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63921", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63956", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63968", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63954", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63902", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63929", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63887", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63937", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5063" }, { "reference_url": "https://issues.chromium.org/issues/411573532", "reference_id": "411573532", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T03:55:44Z/" } ], "url": "https://issues.chromium.org/issues/411573532" }, { "reference_url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html", "reference_id": "stable-channel-update-for-desktop_27.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T03:55:44Z/" } ], "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-5063" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vsf-szma-sbad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56158?format=api", "vulnerability_id": "VCID-98mt-7srw-qfh4", "summary": "A vulnerability has been discovered in libvpx, which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5283.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50733", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50756", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50714", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50718", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50663", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50707", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5283" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106689", "reference_id": "1106689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106689" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368749", "reference_id": "2368749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368749" }, { "reference_url": "https://issues.chromium.org/issues/419467315", "reference_id": "419467315", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:25:59Z/" } ], "url": "https://issues.chromium.org/issues/419467315" }, { "reference_url": "https://security.gentoo.org/glsa/202509-07", "reference_id": "GLSA-202509-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42", "reference_id": "mfsa2025-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43", "reference_id": "mfsa2025-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44", "reference_id": "mfsa2025-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45", "reference_id": "mfsa2025-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46", "reference_id": "mfsa2025-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8293", "reference_id": "RHSA-2025:8293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8308", "reference_id": "RHSA-2025:8308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8341", "reference_id": "RHSA-2025:8341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8598", "reference_id": "RHSA-2025:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8599", "reference_id": "RHSA-2025:8599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8607", "reference_id": "RHSA-2025:8607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8608", "reference_id": "RHSA-2025:8608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8628", "reference_id": "RHSA-2025:8628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8629", "reference_id": "RHSA-2025:8629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8630", "reference_id": "RHSA-2025:8630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8631", "reference_id": "RHSA-2025:8631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8642", "reference_id": "RHSA-2025:8642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8756", "reference_id": "RHSA-2025:8756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9071", "reference_id": "RHSA-2025:9071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9072", "reference_id": "RHSA-2025:9072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9073", "reference_id": "RHSA-2025:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9074", "reference_id": "RHSA-2025:9074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9075", "reference_id": "RHSA-2025:9075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9076", "reference_id": "RHSA-2025:9076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9077", "reference_id": "RHSA-2025:9077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9118", "reference_id": "RHSA-2025:9118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9119", "reference_id": "RHSA-2025:9119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9120", "reference_id": "RHSA-2025:9120", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9120" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9122", "reference_id": "RHSA-2025:9122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9123", "reference_id": "RHSA-2025:9123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9124", "reference_id": "RHSA-2025:9124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9125", "reference_id": "RHSA-2025:9125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9126", "reference_id": "RHSA-2025:9126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9127", "reference_id": "RHSA-2025:9127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9128", "reference_id": "RHSA-2025:9128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9155", "reference_id": "RHSA-2025:9155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9331", "reference_id": "RHSA-2025:9331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9331" }, { "reference_url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html", "reference_id": "stable-channel-update-for-desktop_27.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:25:59Z/" } ], "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" }, { "reference_url": "https://usn.ubuntu.com/7551-1/", "reference_id": "USN-7551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7551-1/" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-5283" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98mt-7srw-qfh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96745?format=api", "vulnerability_id": "VCID-9jqr-s8fu-mfhu", "summary": "Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00449", "scoring_system": "epss", "scoring_elements": "0.63606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00449", "scoring_system": "epss", "scoring_elements": "0.63623", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00449", "scoring_system": "epss", "scoring_elements": "0.6364", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00449", "scoring_system": "epss", "scoring_elements": "0.63655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00449", "scoring_system": "epss", "scoring_elements": "0.63581", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00449", "scoring_system": "epss", "scoring_elements": "0.63608", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00449", "scoring_system": "epss", "scoring_elements": "0.63572", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5068" }, { "reference_url": "https://issues.chromium.org/issues/409059706", "reference_id": "409059706", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-04T03:55:58Z/" } ], "url": "https://issues.chromium.org/issues/409059706" }, { "reference_url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-04T03:55:58Z/" } ], "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-5068" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9jqr-s8fu-mfhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96758?format=api", "vulnerability_id": "VCID-9q9q-6hv9-zkfc", "summary": "Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43873", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43904", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43922", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43889", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43897", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.4392", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43851", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43901", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5281" }, { "reference_url": "https://issues.chromium.org/issues/417215501", "reference_id": "417215501", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:27:42Z/" } ], "url": "https://issues.chromium.org/issues/417215501" }, { "reference_url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html", "reference_id": "stable-channel-update-for-desktop_27.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:27:42Z/" } ], "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-5281" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9q9q-6hv9-zkfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96427?format=api", "vulnerability_id": "VCID-c4ds-sg5r-gbbv", "summary": "Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24206", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24169", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2591", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25953", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26014", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25969", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25884", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10200" }, { "reference_url": "https://issues.chromium.org/issues/440454442", "reference_id": "440454442", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-11T03:56:30Z/" } ], "url": "https://issues.chromium.org/issues/440454442" }, { "reference_url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html", "reference_id": "stable-channel-update-for-desktop_9.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-11T03:56:30Z/" } ], "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-10200" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4ds-sg5r-gbbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34512?format=api", "vulnerability_id": "VCID-chwf-3ees-vucx", "summary": "Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06234", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06258", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06195", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06177", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0622", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8881" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8881", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8881" }, { "reference_url": "https://issues.chromium.org/issues/433800617", "reference_id": "433800617", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T18:37:55Z/" } ], "url": "https://issues.chromium.org/issues/433800617" }, { "reference_url": "https://security.gentoo.org/glsa/202511-04", "reference_id": "GLSA-202511-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-04" }, { "reference_url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html", "reference_id": "stable-channel-update-for-desktop_12.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T18:37:55Z/" } ], "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-8881" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chwf-3ees-vucx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96939?format=api", "vulnerability_id": "VCID-cnvn-bkhg-a3dw", "summary": "Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16972", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17103", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17079", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17032", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17177", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16955", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17045", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7657" }, { "reference_url": "https://issues.chromium.org/issues/427681143", "reference_id": "427681143", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-16T03:56:06Z/" } ], "url": "https://issues.chromium.org/issues/427681143" }, { "reference_url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-16T03:56:06Z/" } ], "url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-7657" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnvn-bkhg-a3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68965?format=api", "vulnerability_id": "VCID-edca-yux6-hfg2", "summary": "chromium: Chrome V8 Type Confusion Read/Write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6554.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6554.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76138", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76195", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76183", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76196", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76221", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76197", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.7617", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.7615", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6554" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375684", "reference_id": "2375684", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375684" }, { "reference_url": "https://issues.chromium.org/issues/427663123", "reference_id": "427663123", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-07-17T03:55:36Z/" } ], "url": "https://issues.chromium.org/issues/427663123" }, { "reference_url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html", "reference_id": "stable-channel-update-for-desktop_30.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-07-17T03:55:36Z/" } ], "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-6554" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edca-yux6-hfg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96946?format=api", "vulnerability_id": "VCID-es45-v7v3-gkcy", "summary": "Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41433", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41462", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41389", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41439", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41448", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41468", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43902", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43886", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8576" }, { "reference_url": "https://issues.chromium.org/issues/414760982", "reference_id": "414760982", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-07T13:39:48Z/" } ], "url": "https://issues.chromium.org/issues/414760982" }, { "reference_url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-07T13:39:48Z/" } ], "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-8576" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-es45-v7v3-gkcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34511?format=api", "vulnerability_id": "VCID-gj24-r1kr-1qg7", "summary": "Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31597", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3167", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31674", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31633", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31725", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3177", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31588", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3164", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8880" }, { "reference_url": "https://issues.chromium.org/issues/433533359", "reference_id": "433533359", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-14T03:55:31Z/" } ], "url": "https://issues.chromium.org/issues/433533359" }, { "reference_url": "https://security.gentoo.org/glsa/202511-04", "reference_id": "GLSA-202511-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-04" }, { "reference_url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html", "reference_id": "stable-channel-update-for-desktop_12.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-14T03:55:31Z/" } ], "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-8880" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gj24-r1kr-1qg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96974?format=api", "vulnerability_id": "VCID-hhme-jc9c-wua5", "summary": "Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18794", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18702", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18752", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18799", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19438", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19667", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19517", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9866" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9866", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9866" }, { "reference_url": "https://issues.chromium.org/issues/379337758", "reference_id": "379337758", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-04T03:55:44Z/" } ], "url": "https://issues.chromium.org/issues/379337758" }, { "reference_url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-04T03:55:44Z/" } ], "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-9866" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhme-jc9c-wua5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73066?format=api", "vulnerability_id": "VCID-k2kp-fv3q-vyh2", "summary": "libexpat: expat: DoS via XML_ResumeParser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31946", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32016", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32019", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3198", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32074", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32114", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31936", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31987", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086134", "reference_id": "1086134", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321987", "reference_id": "2321987", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321987" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/915", "reference_id": "915", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-30T18:00:51Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11200", "reference_id": "RHSA-2024:11200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9502", "reference_id": "RHSA-2024:9502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9541", "reference_id": "RHSA-2024:9541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3350", "reference_id": "RHSA-2025:3350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3350" }, { "reference_url": "https://usn.ubuntu.com/7145-1/", "reference_id": "USN-7145-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7145-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2024-50602" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2kp-fv3q-vyh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96845?format=api", "vulnerability_id": "VCID-qb26-d55m-yqe6", "summary": "Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23541", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23623", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2364", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23598", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23685", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23726", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23507", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23578", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6191" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6191" }, { "reference_url": "https://issues.chromium.org/issues/420697404", "reference_id": "420697404", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-19T03:55:09Z/" } ], "url": "https://issues.chromium.org/issues/420697404" }, { "reference_url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html", "reference_id": "stable-channel-update-for-desktop_17.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-19T03:55:09Z/" } ], "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-6191" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qb26-d55m-yqe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34514?format=api", "vulnerability_id": "VCID-qff9-euj8-u7f4", "summary": "Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23455", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23533", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2355", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23509", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23597", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23413", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23484", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8901" }, { "reference_url": "https://issues.chromium.org/issues/435139154", "reference_id": "435139154", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T18:38:41Z/" } ], "url": "https://issues.chromium.org/issues/435139154" }, { "reference_url": "https://security.gentoo.org/glsa/202511-04", "reference_id": "GLSA-202511-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-04" }, { "reference_url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html", "reference_id": "stable-channel-update-for-desktop_12.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T18:38:41Z/" } ], "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-8901" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qff9-euj8-u7f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96950?format=api", "vulnerability_id": "VCID-qzrp-z4g2-yyhp", "summary": "Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16748", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16808", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16595", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1668", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18069", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18019", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8580", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8580" }, { "reference_url": "https://issues.chromium.org/issues/411544197", "reference_id": "411544197", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-07T13:30:08Z/" } ], "url": "https://issues.chromium.org/issues/411544197" }, { "reference_url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-07T13:30:08Z/" } ], "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-8580" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzrp-z4g2-yyhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96777?format=api", "vulnerability_id": "VCID-sy2e-sgft-53b3", "summary": "Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03257", "scoring_system": "epss", "scoring_elements": "0.87133", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03257", "scoring_system": "epss", "scoring_elements": "0.8713", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03257", "scoring_system": "epss", "scoring_elements": "0.87144", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03257", "scoring_system": "epss", "scoring_elements": "0.87138", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03257", "scoring_system": "epss", "scoring_elements": "0.87092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03257", "scoring_system": "epss", "scoring_elements": "0.8711", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03257", "scoring_system": "epss", "scoring_elements": "0.87103", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03257", "scoring_system": "epss", "scoring_elements": "0.87123", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5419" }, { "reference_url": "https://issues.chromium.org/issues/420636529", "reference_id": "420636529", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:00Z/" } ], "url": "https://issues.chromium.org/issues/420636529" }, { "reference_url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:00Z/" } ], "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-5419" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sy2e-sgft-53b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96952?format=api", "vulnerability_id": "VCID-tfc2-749m-sqh1", "summary": "Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19474", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1927", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19322", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19327", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20751", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.207", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8582" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8582", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8582" }, { "reference_url": "https://issues.chromium.org/issues/40089450", "reference_id": "40089450", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-07T13:24:17Z/" } ], "url": "https://issues.chromium.org/issues/40089450" }, { "reference_url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-07T13:24:17Z/" } ], "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/427462?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r5?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r5%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-8582" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfc2-749m-sqh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34510?format=api", "vulnerability_id": "VCID-u9mq-tb44-4kbc", "summary": "Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29436", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29532", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29487", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29555", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29604", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29426", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29488", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8879" }, { "reference_url": "https://issues.chromium.org/issues/432035817", "reference_id": "432035817", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-14T03:55:32Z/" } ], "url": "https://issues.chromium.org/issues/432035817" }, { "reference_url": "https://security.gentoo.org/glsa/202511-04", "reference_id": "GLSA-202511-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-04" }, { "reference_url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html", "reference_id": "stable-channel-update-for-desktop_12.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-14T03:55:32Z/" } ], "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-8879" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9mq-tb44-4kbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68659?format=api", "vulnerability_id": "VCID-vk4e-qufz-5ffp", "summary": "angle: insufficient input validation can cause undefined behavior", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6558.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6558.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37959", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38021", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37984", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44447", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44381", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44426", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6558" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380254", "reference_id": "2380254", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380254" }, { "reference_url": "https://issues.chromium.org/issues/427162086", "reference_id": "427162086", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-07-22T03:55:29Z/" } ], "url": "https://issues.chromium.org/issues/427162086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13780", "reference_id": "RHSA-2025:13780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13782", "reference_id": "RHSA-2025:13782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14421", "reference_id": "RHSA-2025:14421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14422", "reference_id": "RHSA-2025:14422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14423", "reference_id": "RHSA-2025:14423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14432", "reference_id": "RHSA-2025:14432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14433", "reference_id": "RHSA-2025:14433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14434", "reference_id": "RHSA-2025:14434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14486", "reference_id": "RHSA-2025:14486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15729", "reference_id": "RHSA-2025:15729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15729" }, { "reference_url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-07-22T03:55:29Z/" } ], "url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html" }, { "reference_url": "https://usn.ubuntu.com/7702-1/", "reference_id": "USN-7702-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7702-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-6558" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vk4e-qufz-5ffp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82723?format=api", "vulnerability_id": "VCID-zzsv-3v7k-n3ep", "summary": "hunspell: out-of-bounds read in SuggestMgr::leftcommonsubstring in suggestmgr.cxx", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16707.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16707.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67156", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.6723", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67278", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67264", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67194", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67218", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67245", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16707" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/butterflyhack/hunspell-crash", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/butterflyhack/hunspell-crash" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24NTBHK2QNYKSBMJI34WEU5MHS3H2FAI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24NTBHK2QNYKSBMJI34WEU5MHS3H2FAI/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2YOYFI36IWKABNGFTWXCH7TTGAFODH6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2YOYFI36IWKABNGFTWXCH7TTGAFODH6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNTSVWI4SWBQL6XMXNGEH7EAQ45WN63G/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNTSVWI4SWBQL6XMXNGEH7EAQ45WN63G/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD4AJ4M74VT3I6L37E4P5DNYZYBZIOVM/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD4AJ4M74VT3I6L37E4P5DNYZYBZIOVM/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771026", "reference_id": "1771026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771026" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941185", "reference_id": "941185", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941185" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hunspell_project:hunspell:1.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:hunspell_project:hunspell:1.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hunspell_project:hunspell:1.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16707", "reference_id": "CVE-2019-16707", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3971", "reference_id": "RHSA-2020:3971", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3971" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397727?format=api", "purl": "pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2019-16707" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzsv-3v7k-n3ep" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.8.3-r1%3Farch=x86&distroversion=v3.22&reponame=community" }