Package Instance

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000115.json

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000115.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000115

reference_id

reference_type

scores

value	0.02142
scoring_system	epss
scoring_elements	0.84531
published_at	2026-06-04T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.84555
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:P

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100290

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1480330
reference_id	1480330
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1480330

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871709
reference_id	871709
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871709

reference_url	https://security.archlinux.org/ASA-201708-7
reference_id	ASA-201708-7
reference_type
scores
url	https://security.archlinux.org/ASA-201708-7

reference_url

reference_id

AVG-378

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

CVE-2017-1000115

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17983.json

reference_url	https://github.com/advisories/GHSA-hvr9-wr9p-grgr
reference_id	GHSA-hvr9-wr9p-grgr
reference_type
scores
url	https://github.com/advisories/GHSA-hvr9-wr9p-grgr

fixed_packages

url pkg:deb/debian/mercurial@4.0-1%2Bdeb9u1

purl pkg:deb/debian/mercurial@4.0-1%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.0-1%252Bdeb9u1

url pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

purl pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tsye-4m91-6ba1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.8.2-1%252Bdeb10u1

aliases CVE-2017-1000115, GHSA-hvr9-wr9p-grgr, PYSEC-2017-88

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71pc-96mg-ufbt

url VCID-b7rg-cd13-aygs

vulnerability_id VCID-b7rg-cd13-aygs

summary cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

references

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17983.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17983

reference_id

reference_type

scores

value	0.00425
scoring_system	epss
scoring_elements	0.62585
published_at	2026-06-05T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.6254
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17983

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17983
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17983

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml

reference_url

https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1637556
reference_id	1637556
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1637556

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17983

reference_id

CVE-2018-17983

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17983

reference_url	https://github.com/advisories/GHSA-p575-cf9h-wv42
reference_id	GHSA-p575-cf9h-wv42
reference_type
scores
url	https://github.com/advisories/GHSA-p575-cf9h-wv42

reference_url	https://usn.ubuntu.com/5102-1/
reference_id	USN-5102-1
reference_type
scores
url	https://usn.ubuntu.com/5102-1/

reference_url	https://usn.ubuntu.com/USN-5102-2/
reference_id	USN-USN-5102-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5102-2/

fixed_packages

url pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

purl pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tsye-4m91-6ba1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.8.2-1%252Bdeb10u1

aliases CVE-2018-17983, GHSA-p575-cf9h-wv42, PYSEC-2018-91

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7rg-cd13-aygs

url VCID-knzd-ju2a-hbe5

vulnerability_id VCID-knzd-ju2a-hbe5

summary The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3105.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3105.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3105

reference_id

reference_type

scores

value	0.0118
scoring_system	epss
scoring_elements	0.79092
published_at	2026-06-04T12:55:00Z

value	0.0118
scoring_system	epss
scoring_elements	0.79119
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3105

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-28.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-28.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228012056/http://www.securityfocus.com/bid/90536

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228012056/http://www.securityfocus.com/bid/90536

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255

reference_url	http://www.securityfocus.com/bid/90536
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90536

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1332945
reference_id	1332945
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1332945

reference_url	https://github.com/advisories/GHSA-49cw-434h-qc57
reference_id	GHSA-49cw-434h-qc57
reference_type
scores
url	https://github.com/advisories/GHSA-49cw-434h-qc57

fixed_packages

url pkg:deb/debian/mercurial@3.9.1-1~bpo8%2B1

purl pkg:deb/debian/mercurial@3.9.1-1~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.9.1-1~bpo8%252B1

aliases CVE-2016-3105, GHSA-49cw-434h-qc57, PYSEC-2016-28

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-knzd-ju2a-hbe5

url VCID-tsye-4m91-6ba1

vulnerability_id VCID-tsye-4m91-6ba1

summary A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3902

reference_id

reference_type

scores

value	0.00541
scoring_system	epss
scoring_elements	0.68047
published_at	2026-06-05T12:55:00Z

value	0.00541
scoring_system	epss
scoring_elements	0.68008
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3902

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url

https://usn.ubuntu.com/4086-1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4086-1

reference_url	https://usn.ubuntu.com/4086-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4086-1/

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1696025
reference_id	1696025
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1696025

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
reference_id	927674
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3902

reference_id

CVE-2019-3902

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3902

reference_url

https://github.com/advisories/GHSA-mq66-vcfc-8246

reference_id

GHSA-mq66-vcfc-8246

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mq66-vcfc-8246

reference_url	https://usn.ubuntu.com/5102-1/
reference_id	USN-5102-1
reference_type
scores
url	https://usn.ubuntu.com/5102-1/

reference_url	https://usn.ubuntu.com/USN-5102-2/
reference_id	USN-USN-5102-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5102-2/

fixed_packages

url	pkg:deb/debian/mercurial@5.6.1-4
purl	pkg:deb/debian/mercurial@5.6.1-4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@5.6.1-4

aliases CVE-2019-3902, GHSA-mq66-vcfc-8246, PYSEC-2019-188

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tsye-4m91-6ba1

url VCID-utkv-unr7-c3dq

vulnerability_id VCID-utkv-unr7-c3dq

summary multiple issues

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000116.json

reference_url

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000116.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000116

reference_id

reference_type

scores

value	0.04585
scoring_system	epss
scoring_elements	0.8941
published_at	2026-06-04T12:55:00Z

value	0.04585
scoring_system	epss
scoring_elements	0.89428
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url	http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100290

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1479915
reference_id	1479915
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1479915

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871710
reference_id	871710
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871710

reference_url	https://security.archlinux.org/ASA-201708-7
reference_id	ASA-201708-7
reference_type
scores
url	https://security.archlinux.org/ASA-201708-7

reference_url

reference_id

AVG-378

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

CVE-2017-1000116

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

GHSA-3qmg-c9vc-r47j

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

fixed_packages

url pkg:deb/debian/mercurial@4.0-1%2Bdeb9u1

purl pkg:deb/debian/mercurial@4.0-1%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.0-1%252Bdeb9u1

url pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

purl pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tsye-4m91-6ba1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.8.2-1%252Bdeb10u1

aliases CVE-2017-1000116, GHSA-3qmg-c9vc-r47j, PYSEC-2017-89

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utkv-unr7-c3dq

Fixing_vulnerabilities

url VCID-16q8-up17-hkd7

vulnerability_id VCID-16q8-up17-hkd7

summary Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

references

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3069

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3069.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3069.json

reference_url

reference_id

reference_type

scores

value	0.0283
scoring_system	epss
scoring_elements	0.86472
published_at	2026-06-05T12:55:00Z

value	0.0283
scoring_system	epss
scoring_elements	0.86449
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/197eed39e3d5

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/197eed39e3d5

reference_url

https://selenic.com/repo/hg-stable/rev/80cac1de6aea

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/80cac1de6aea

reference_url

https://selenic.com/repo/hg-stable/rev/ae279d4a19e9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/ae279d4a19e9

reference_url

https://selenic.com/repo/hg-stable/rev/b732e7f2aba4

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/b732e7f2aba4

reference_url

https://selenic.com/repo/hg-stable/rev/cdda7b96afff

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/cdda7b96afff

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1320155
reference_id	1320155
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1320155

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id	819504
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3069

reference_id

CVE-2016-3069

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3069

reference_url	https://github.com/advisories/GHSA-8fm8-7365-5rh2
reference_id	GHSA-8fm8-7365-5rh2
reference_type
scores
url	https://github.com/advisories/GHSA-8fm8-7365-5rh2

reference_url	https://access.redhat.com/errata/RHSA-2016:0706
reference_id	RHSA-2016:0706
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0706

fixed_packages

url pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

purl pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-16q8-up17-hkd7

vulnerability	VCID-2996-7bgv-eqdv

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-dybb-af3z-zbce

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-n9rd-9dpp-t3cc

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@2.2.2-4%252Bdeb7u2

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

aliases CVE-2016-3069, GHSA-8fm8-7365-5rh2, PYSEC-2016-27

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-16q8-up17-hkd7

url VCID-2996-7bgv-eqdv

vulnerability_id VCID-2996-7bgv-eqdv

summary The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

references

reference_url

http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html

reference_url

http://lists.opensuse.org/opensuse-updates/2015-03/msg00085.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-03/msg00085.html

reference_url

http://mercurial.selenic.com/wiki/WhatsNew

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://mercurial.selenic.com/wiki/WhatsNew

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9462.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9462.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9462

reference_id

reference_type

scores

value	0.01129
scoring_system	epss
scoring_elements	0.78678
published_at	2026-06-05T12:55:00Z

value	0.01129
scoring_system	epss
scoring_elements	0.78651
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9462

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2015-14.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2015-14.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3257

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3257

reference_url

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

reference_url	http://www.osvdb.org/119816
reference_id
reference_type
scores
url	http://www.osvdb.org/119816

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1204807
reference_id	1204807
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1204807

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783237
reference_id	783237
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783237

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-9462

reference_id

CVE-2014-9462

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-9462

reference_url	https://github.com/advisories/GHSA-3pmw-h7j4-rf54
reference_id	GHSA-3pmw-h7j4-rf54
reference_type
scores
url	https://github.com/advisories/GHSA-3pmw-h7j4-rf54

fixed_packages

url pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

purl pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-16q8-up17-hkd7

vulnerability	VCID-2996-7bgv-eqdv

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-dybb-af3z-zbce

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-n9rd-9dpp-t3cc

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@2.2.2-4%252Bdeb7u2

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

aliases CVE-2014-9462, GHSA-3pmw-h7j4-rf54, PYSEC-2015-14

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2996-7bgv-eqdv

url VCID-71pc-96mg-ufbt

vulnerability_id VCID-71pc-96mg-ufbt

summary multiple issues

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000115.json

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000115.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000115

reference_id

reference_type

scores

value	0.02142
scoring_system	epss
scoring_elements	0.84531
published_at	2026-06-04T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.84555
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:P

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100290

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1480330
reference_id	1480330
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1480330

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871709
reference_id	871709
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871709

reference_url	https://security.archlinux.org/ASA-201708-7
reference_id	ASA-201708-7
reference_type
scores
url	https://security.archlinux.org/ASA-201708-7

reference_url

reference_id

AVG-378

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

CVE-2017-1000115

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_url	https://github.com/advisories/GHSA-hvr9-wr9p-grgr
reference_id	GHSA-hvr9-wr9p-grgr
reference_type
scores
url	https://github.com/advisories/GHSA-hvr9-wr9p-grgr

fixed_packages

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

url pkg:deb/debian/mercurial@4.0-1%2Bdeb9u1

purl pkg:deb/debian/mercurial@4.0-1%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.0-1%252Bdeb9u1

url pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

purl pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tsye-4m91-6ba1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.8.2-1%252Bdeb10u1

aliases CVE-2017-1000115, GHSA-hvr9-wr9p-grgr, PYSEC-2017-88

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71pc-96mg-ufbt

url VCID-dybb-af3z-zbce

vulnerability_id VCID-dybb-af3z-zbce

summary Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

references

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3068

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3068.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3068.json

reference_url

reference_id

reference_type

scores

value	0.05001
scoring_system	epss
scoring_elements	0.89884
published_at	2026-06-04T12:55:00Z

value	0.05001
scoring_system	epss
scoring_elements	0.89899
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-26.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-26.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/34d43cb85de8

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/34d43cb85de8

reference_url

https://web.archive.org/web/20200228003737/http://www.securityfocus.com/bid/85733

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228003737/http://www.securityfocus.com/bid/85733

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

reference_url	http://www.securityfocus.com/bid/85733
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/85733

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1319768
reference_id	1319768
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1319768

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id	819504
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3068

reference_id

CVE-2016-3068

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3068

reference_url	https://github.com/advisories/GHSA-j7c2-rqm3-c97m
reference_id	GHSA-j7c2-rqm3-c97m
reference_type
scores
url	https://github.com/advisories/GHSA-j7c2-rqm3-c97m

reference_url	https://access.redhat.com/errata/RHSA-2016:0706
reference_id	RHSA-2016:0706
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0706

fixed_packages

url pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

purl pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-16q8-up17-hkd7

vulnerability	VCID-2996-7bgv-eqdv

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-dybb-af3z-zbce

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-n9rd-9dpp-t3cc

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@2.2.2-4%252Bdeb7u2

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

aliases CVE-2016-3068, GHSA-j7c2-rqm3-c97m, PYSEC-2016-26

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dybb-af3z-zbce

url VCID-knzd-ju2a-hbe5

vulnerability_id VCID-knzd-ju2a-hbe5

summary The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3105.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3105.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3105

reference_id

reference_type

scores

value	0.0118
scoring_system	epss
scoring_elements	0.79092
published_at	2026-06-04T12:55:00Z

value	0.0118
scoring_system	epss
scoring_elements	0.79119
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3105

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-28.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-28.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228012056/http://www.securityfocus.com/bid/90536

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228012056/http://www.securityfocus.com/bid/90536

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255

reference_url	http://www.securityfocus.com/bid/90536
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90536

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1332945
reference_id	1332945
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1332945

reference_url	https://github.com/advisories/GHSA-49cw-434h-qc57
reference_id	GHSA-49cw-434h-qc57
reference_type
scores
url	https://github.com/advisories/GHSA-49cw-434h-qc57

fixed_packages

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

url pkg:deb/debian/mercurial@3.9.1-1~bpo8%2B1

purl pkg:deb/debian/mercurial@3.9.1-1~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.9.1-1~bpo8%252B1

aliases CVE-2016-3105, GHSA-49cw-434h-qc57, PYSEC-2016-28

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-knzd-ju2a-hbe5

url VCID-n9rd-9dpp-t3cc

vulnerability_id VCID-n9rd-9dpp-t3cc

summary The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3630.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3630.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3630

reference_id

reference_type

scores

value	0.05192
scoring_system	epss
scoring_elements	0.90106
published_at	2026-06-05T12:55:00Z

value	0.05192
scoring_system	epss
scoring_elements	0.9009
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3630

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-29.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-29.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf

reference_url

https://selenic.com/repo/hg-stable/rev/b9714d958e89

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/b9714d958e89

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1322264
reference_id	1322264
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1322264

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id	819504
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3630

reference_id

CVE-2016-3630

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3630

reference_url	https://github.com/advisories/GHSA-9vjf-jjcq-3gh7
reference_id	GHSA-9vjf-jjcq-3gh7
reference_type
scores
url	https://github.com/advisories/GHSA-9vjf-jjcq-3gh7

fixed_packages

url pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

purl pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-16q8-up17-hkd7

vulnerability	VCID-2996-7bgv-eqdv

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-dybb-af3z-zbce

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-n9rd-9dpp-t3cc

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@2.2.2-4%252Bdeb7u2

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

aliases CVE-2016-3630, GHSA-9vjf-jjcq-3gh7, PYSEC-2016-29

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9rd-9dpp-t3cc

url VCID-utkv-unr7-c3dq

vulnerability_id VCID-utkv-unr7-c3dq

summary multiple issues

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000116.json

reference_url

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000116.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000116

reference_id

reference_type

scores

value	0.04585
scoring_system	epss
scoring_elements	0.8941
published_at	2026-06-04T12:55:00Z

value	0.04585
scoring_system	epss
scoring_elements	0.89428
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url	http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100290

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1479915
reference_id	1479915
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1479915

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871710
reference_id	871710
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871710

reference_url	https://security.archlinux.org/ASA-201708-7
reference_id	ASA-201708-7
reference_type
scores
url	https://security.archlinux.org/ASA-201708-7

reference_url

reference_id

AVG-378

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

CVE-2017-1000116

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

GHSA-3qmg-c9vc-r47j

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url