Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4624?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4624?format=api", "purl": "pkg:deb/debian/expat@2.1.0-1%2Bdeb7u2", "type": "deb", "namespace": "debian", "name": "expat", "version": "2.1.0-1+deb7u2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.8.1-1", "latest_non_vulnerable_version": "2.8.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67069?format=api", "vulnerability_id": "VCID-4y75-sfzb-kbf3", "summary": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43680.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43680.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43680", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60563", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60611", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022743", "reference_id": "1022743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022743" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059", "reference_id": "2140059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/28/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/03/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/03/5" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/616", "reference_id": "616", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/616" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/649", "reference_id": "649", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/649" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/650", "reference_id": "650", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/650" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/", "reference_id": "AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/", "reference_id": "BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/", "reference_id": "DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5266", "reference_id": "dsa-5266", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5266" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/", "reference_id": "FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/" }, { "reference_url": "https://security.gentoo.org/glsa/202210-38", "reference_id": "GLSA-202210-38", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://security.gentoo.org/glsa/202210-38" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/", "reference_id": "IUJ2BULJTZ2BMSKQHB6US674P55UCWWS", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html", "reference_id": "msg00033.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0007/", "reference_id": "ntap-20221118-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221118-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8548", "reference_id": "RHSA-2022:8548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8549", "reference_id": "RHSA-2022:8549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8550", "reference_id": "RHSA-2022:8550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8553", "reference_id": "RHSA-2022:8553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8554", "reference_id": "RHSA-2022:8554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0103", "reference_id": "RHSA-2023:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0337", "reference_id": "RHSA-2023:0337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0421", "reference_id": "RHSA-2024:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5638-2/", "reference_id": "USN-5638-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-2/" }, { "reference_url": "https://usn.ubuntu.com/5638-3/", "reference_id": "USN-5638-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-3/" }, { "reference_url": "https://usn.ubuntu.com/5638-4/", "reference_id": "USN-5638-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/", "reference_id": "XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "CVE-2022-43680" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4y75-sfzb-kbf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67040?format=api", "vulnerability_id": "VCID-5de4-qewv-2uck", "summary": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1283.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.6722", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.6726", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245587", "reference_id": "1245587", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245587" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484", "reference_id": "793484", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484" }, { "reference_url": "https://security.gentoo.org/glsa/201603-09", "reference_id": "GLSA-201603-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201603-09" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1499", "reference_id": "RHSA-2015:1499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1499" }, { "reference_url": "https://usn.ubuntu.com/2677-1/", "reference_id": "USN-2677-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2677-1/" }, { "reference_url": "https://usn.ubuntu.com/2726-1/", "reference_id": "USN-2726-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2726-1/" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4772-1/", "reference_id": "USN-USN-4772-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4772-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4626?format=api", "purl": "pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-5de4-qewv-2uck" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-7t2y-ppma-aqe1" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-awcv-w3zr-ebhp" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-axy3-4epf-p3dw" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-ea8u-5x5j-dkch" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yw5f-radc-t7g9" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/5046?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3" } ], "aliases": [ "CVE-2015-1283" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5de4-qewv-2uck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67052?format=api", "vulnerability_id": "VCID-7dfh-6k5v-cfdg", "summary": "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22824.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22824.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62916", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62958", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467", "reference_id": "2044467", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" } ], "aliases": [ "CVE-2022-22824" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7dfh-6k5v-cfdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1937?format=api", "vulnerability_id": "VCID-7t2y-ppma-aqe1", "summary": "Security researcher Gustavo Grieco reported a potential out-of-bounds\nread parsing malformed XML data during character conversion. This is due to a bug in the\nExpat library, which is used in Firefox. This could allow an attacker to read other\ninaccessible memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0718.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0718.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.8644", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02827", "scoring_system": "epss", "scoring_elements": "0.86463", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0718" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102", "reference_id": "1296102", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718", "reference_id": "CVE-2016-0718", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-68", "reference_id": "mfsa2016-68", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2824", "reference_id": "RHSA-2016:2824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2824" }, { "reference_url": "https://usn.ubuntu.com/2983-1/", "reference_id": "USN-2983-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2983-1/" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" }, { "reference_url": "https://usn.ubuntu.com/3044-1/", "reference_id": "USN-3044-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3044-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4626?format=api", "purl": "pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-5de4-qewv-2uck" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-7t2y-ppma-aqe1" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-awcv-w3zr-ebhp" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-axy3-4epf-p3dw" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-ea8u-5x5j-dkch" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yw5f-radc-t7g9" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/5046?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3" } ], "aliases": [ "CVE-2016-0718" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7t2y-ppma-aqe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67060?format=api", "vulnerability_id": "VCID-8t4w-nhhm-dyge", "summary": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25236.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25236.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08156", "scoring_system": "epss", "scoring_elements": "0.9234", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08156", "scoring_system": "epss", "scoring_elements": "0.92325", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005895", "reference_id": "1005895", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005895" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370", "reference_id": "2056370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/561", "reference_id": "561", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/561" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0815", "reference_id": "RHSA-2022:0815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0816", "reference_id": "RHSA-2022:0816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0817", "reference_id": "RHSA-2022:0817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0843", "reference_id": "RHSA-2022:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0847", "reference_id": "RHSA-2022:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0853", "reference_id": "RHSA-2022:0853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1012", "reference_id": "RHSA-2022:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1053", "reference_id": "RHSA-2022:1053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1068", "reference_id": "RHSA-2022:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1070", "reference_id": "RHSA-2022:1070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1263", "reference_id": "RHSA-2022:1263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1309", "reference_id": "RHSA-2022:1309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/8235-1/", "reference_id": "USN-8235-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8235-1/" }, { "reference_url": "https://usn.ubuntu.com/8240-1/", "reference_id": "USN-8240-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8240-1/" }, { "reference_url": "https://usn.ubuntu.com/8241-1/", "reference_id": "USN-8241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8241-1/" }, { "reference_url": "https://usn.ubuntu.com/8313-1/", "reference_id": "USN-8313-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8313-1/" }, { "reference_url": "https://usn.ubuntu.com/8314-1/", "reference_id": "USN-8314-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8314-1/" }, { "reference_url": "https://usn.ubuntu.com/8316-1/", "reference_id": "USN-8316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8316-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" }, { "reference_url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", "reference_id": "Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:40Z/" } ], "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" } ], "aliases": [ "CVE-2022-25236" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8t4w-nhhm-dyge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67053?format=api", "vulnerability_id": "VCID-92u6-xmte-1khx", "summary": "lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22825.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22825.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42775", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42849", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479", "reference_id": "2044479", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" } ], "aliases": [ "CVE-2022-22825" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92u6-xmte-1khx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67046?format=api", "vulnerability_id": "VCID-961d-c3an-dfg7", "summary": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44318", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44387", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462729", "reference_id": "1462729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462729" }, { "reference_url": "https://security.archlinux.org/ASA-201706-32", "reference_id": "ASA-201706-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-32" }, { "reference_url": "https://security.archlinux.org/ASA-201707-27", "reference_id": "ASA-201707-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-27" }, { "reference_url": "https://security.archlinux.org/AVG-305", "reference_id": "AVG-305", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-305" }, { "reference_url": "https://security.archlinux.org/AVG-306", "reference_id": "AVG-306", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-306" }, { "reference_url": "https://usn.ubuntu.com/3356-1/", "reference_id": "USN-3356-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3356-1/" }, { "reference_url": "https://usn.ubuntu.com/3356-2/", "reference_id": "USN-3356-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3356-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-4825-1/", "reference_id": "USN-USN-4825-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4825-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4626?format=api", "purl": "pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-5de4-qewv-2uck" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-7t2y-ppma-aqe1" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-awcv-w3zr-ebhp" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-axy3-4epf-p3dw" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-ea8u-5x5j-dkch" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yw5f-radc-t7g9" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/5046?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" } ], "aliases": [ "CVE-2017-9233" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-961d-c3an-dfg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38143?format=api", "vulnerability_id": "VCID-awcv-w3zr-ebhp", "summary": "Uncontrolled Resource Consumption\nThe XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5300.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5300.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83862", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02202", "scoring_system": "epss", "scoring_elements": "0.84757", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/91159", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343085", "reference_id": "1343085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343085" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5300", "reference_id": "CVE-2016-5300", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5300" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://usn.ubuntu.com/3010-1/", "reference_id": "USN-3010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3010-1/" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4626?format=api", "purl": "pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-5de4-qewv-2uck" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-7t2y-ppma-aqe1" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-awcv-w3zr-ebhp" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-axy3-4epf-p3dw" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-ea8u-5x5j-dkch" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yw5f-radc-t7g9" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/5046?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3" } ], "aliases": [ "CVE-2016-5300" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awcv-w3zr-ebhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67076?format=api", "vulnerability_id": "VCID-ax2q-63fe-fqes", "summary": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01143", "scoring_system": "epss", "scoring_elements": "0.78801", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080150", "reference_id": "1080150", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080150" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308616", "reference_id": "2308616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308616" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/888", "reference_id": "888", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:48Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/888" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/891", "reference_id": "891", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:48Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/891" }, { "reference_url": "https://security.gentoo.org/glsa/202501-09", "reference_id": "GLSA-202501-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6754", "reference_id": "RHSA-2024:6754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6989", "reference_id": "RHSA-2024:6989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7599", "reference_id": "RHSA-2024:7599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8859", "reference_id": "RHSA-2024:8859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9610", "reference_id": "RHSA-2024:9610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9610" }, { "reference_url": "https://usn.ubuntu.com/7000-1/", "reference_id": "USN-7000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-1/" }, { "reference_url": "https://usn.ubuntu.com/7000-2/", "reference_id": "USN-7000-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7000-2/" }, { "reference_url": "https://usn.ubuntu.com/7001-1/", "reference_id": "USN-7001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7001-1/" }, { "reference_url": "https://usn.ubuntu.com/7001-2/", "reference_id": "USN-7001-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7001-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195807?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2" } ], "aliases": [ "CVE-2024-45491" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax2q-63fe-fqes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67036?format=api", "vulnerability_id": "VCID-axy3-4epf-p3dw", "summary": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6702.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6702.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72893", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.7293", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6702" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319731", "reference_id": "1319731", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319731" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://usn.ubuntu.com/3010-1/", "reference_id": "USN-3010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3010-1/" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4626?format=api", "purl": "pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-5de4-qewv-2uck" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-7t2y-ppma-aqe1" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-awcv-w3zr-ebhp" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-axy3-4epf-p3dw" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-ea8u-5x5j-dkch" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yw5f-radc-t7g9" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/5046?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3" } ], "aliases": [ "CVE-2012-6702" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axy3-4epf-p3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67050?format=api", "vulnerability_id": "VCID-b1tx-zbgd-cuh6", "summary": "addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22822.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22822.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.80278", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.80303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457", "reference_id": "2044457", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" } ], "aliases": [ "CVE-2022-22822" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1tx-zbgd-cuh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67056?format=api", "vulnerability_id": "VCID-c4xs-r16x-1qc4", "summary": "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.5156", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51619", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488", "reference_id": "2044488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" } ], "aliases": [ "CVE-2022-22827" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4xs-r16x-1qc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1586?format=api", "vulnerability_id": "VCID-cvna-73ya-gbg5", "summary": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15903.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15903.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42404", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42328", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://seclists.org/bugtraq/2019/Nov/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Nov/1" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/17", "reference_id": "17", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Dec/17" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592", "reference_id": "1752592", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Dec/21" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/23", "reference_id": "23", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/23" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/23", "reference_id": "23", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Dec/23" }, { "reference_url": "https://seclists.org/bugtraq/2019/Nov/24", "reference_id": "24", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Nov/24" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/26", "reference_id": "26", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/26" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/27", "reference_id": "27", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/27" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/29", "reference_id": "29", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Oct/29" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/30", "reference_id": "30", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/30" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/30", "reference_id": "30", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/30" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/317", "reference_id": "317", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/317" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/318", "reference_id": "318", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/318" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/342", "reference_id": "342", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/342" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/37", "reference_id": "37", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/37" }, { "reference_url": "https://usn.ubuntu.com/4132-1/", "reference_id": "4132-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4132-1/" }, { "reference_url": "https://usn.ubuntu.com/4132-2/", "reference_id": "4132-2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4132-2/" }, { "reference_url": "https://usn.ubuntu.com/4165-1/", "reference_id": "4165-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4165-1/" }, { "reference_url": "https://usn.ubuntu.com/4202-1/", "reference_id": "4202-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4202-1/" }, { "reference_url": "https://usn.ubuntu.com/4335-1/", "reference_id": "4335-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4335-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394", "reference_id": "939394", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/", "reference_id": "A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/" }, { "reference_url": "https://security.archlinux.org/ASA-201910-15", "reference_id": "ASA-201910-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-15" }, { "reference_url": "https://security.archlinux.org/ASA-201910-16", "reference_id": "ASA-201910-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-16" }, { "reference_url": "https://security.archlinux.org/ASA-201910-17", "reference_id": "ASA-201910-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-17" }, { "reference_url": "https://security.archlinux.org/AVG-1053", "reference_id": "AVG-1053", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1053" }, { "reference_url": "https://security.archlinux.org/AVG-1054", "reference_id": "AVG-1054", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1054" }, { "reference_url": "https://security.archlinux.org/AVG-1055", "reference_id": "AVG-1055", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1055" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/", "reference_id": "BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/" }, { "reference_url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "reference_id": "c20b758c332d9a13afbbb276d30db1d183a85d43", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4530", "reference_id": "dsa-4530", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4530" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4549", "reference_id": "dsa-4549", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4549" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4571", "reference_id": "dsa-4571", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4571" }, { "reference_url": "https://security.gentoo.org/glsa/201911-08", "reference_id": "GLSA-201911-08", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://security.gentoo.org/glsa/201911-08" }, { "reference_url": "https://support.apple.com/kb/HT210785", "reference_id": "HT210785", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210785" }, { "reference_url": "https://support.apple.com/kb/HT210788", "reference_id": "HT210788", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210788" }, { "reference_url": "https://support.apple.com/kb/HT210789", "reference_id": "HT210789", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210789" }, { "reference_url": "https://support.apple.com/kb/HT210790", "reference_id": "HT210790", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210790" }, { "reference_url": "https://support.apple.com/kb/HT210793", "reference_id": "HT210793", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210793" }, { "reference_url": "https://support.apple.com/kb/HT210794", "reference_id": "HT210794", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210794" }, { "reference_url": "https://support.apple.com/kb/HT210795", "reference_id": "HT210795", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210795" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33", "reference_id": "mfsa2019-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34", "reference_id": "mfsa2019-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35", "reference_id": "mfsa2019-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html", "reference_id": "msg00000.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html", "reference_id": "msg00002.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html", "reference_id": "msg00003.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html", "reference_id": "msg00008.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html", "reference_id": "msg00013.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html", "reference_id": "msg00016.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html", "reference_id": "msg00017.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html", "reference_id": "msg00017.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html", "reference_id": "msg00019.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", "reference_id": "msg00040.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html", "reference_id": "msg00080.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html", "reference_id": "msg00081.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190926-0004/", "reference_id": "ntap-20190926-0004", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3193", "reference_id": "RHSA-2019:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3196", "reference_id": "RHSA-2019:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3210", "reference_id": "RHSA-2019:3210", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3237", "reference_id": "RHSA-2019:3237", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3756", "reference_id": "RHSA-2019:3756", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3952", "reference_id": "RHSA-2020:3952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4484", "reference_id": "RHSA-2020:4484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/", "reference_id": "S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/" }, { "reference_url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", "reference_id": "Slackware-Security-Advisory-expat-Updates.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html", "reference_id": "Slackware-Security-Advisory-mozilla-firefox-Updates.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", "reference_id": "Slackware-Security-Advisory-python-Updates.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html" }, { "reference_url": "https://www.tenable.com/security/tns-2021-11", "reference_id": "tns-2021-11", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.tenable.com/security/tns-2021-11" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4852-1/", "reference_id": "USN-USN-4852-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4852-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5046?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "CVE-2019-15903" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvna-73ya-gbg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/276?format=api", "vulnerability_id": "VCID-ea8u-5x5j-dkch", "summary": "An integer overflow during the parsing of XML using the Expat library.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0271", "scoring_system": "epss", "scoring_elements": "0.86185", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0271", "scoring_system": "epss", "scoring_elements": "0.86205", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396540", "reference_id": "1396540", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396540" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/ASA-201706-32", "reference_id": "ASA-201706-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-32" }, { "reference_url": "https://security.archlinux.org/ASA-201707-27", "reference_id": "ASA-201707-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-27" }, { "reference_url": "https://security.archlinux.org/AVG-305", "reference_id": "AVG-305", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-305" }, { "reference_url": "https://security.archlinux.org/AVG-306", "reference_id": "AVG-306", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-306" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5046?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3" } ], "aliases": [ "CVE-2016-9063" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ea8u-5x5j-dkch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67049?format=api", "vulnerability_id": "VCID-fmb1-xbbj-bkgy", "summary": "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04193", "scoring_system": "epss", "scoring_elements": "0.88917", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04193", "scoring_system": "epss", "scoring_elements": "0.88934", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012179", "reference_id": "1012179", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455", "reference_id": "2044455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/532", "reference_id": "532", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/532" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/538", "reference_id": "538", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/538" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220121-0006/", "reference_id": "ntap-20220121-0006", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220121-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/7913-1/", "reference_id": "USN-7913-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7913-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "CVE-2021-46143" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmb1-xbbj-bkgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67048?format=api", "vulnerability_id": "VCID-jjsf-a6zv-x7ce", "summary": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45960.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55058", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002994", "reference_id": "1002994", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002994" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451", "reference_id": "2044451", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/531", "reference_id": "531", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/531" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/534", "reference_id": "534", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/534" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220121-0004/", "reference_id": "ntap-20220121-0004", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220121-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609", "reference_id": "show_bug.cgi?id=1217609", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "CVE-2021-45960" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjsf-a6zv-x7ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67061?format=api", "vulnerability_id": "VCID-m4uh-8qed-4yc1", "summary": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25313.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25313.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35935", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3603", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350", "reference_id": "2056350", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/558", "reference_id": "558", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/558" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5244", "reference_id": "RHSA-2022:5244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5314", "reference_id": "RHSA-2022:5314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5320-1/", "reference_id": "USN-5320-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5320-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" } ], "aliases": [ "CVE-2022-25313" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4uh-8qed-4yc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67057?format=api", "vulnerability_id": "VCID-m6ep-4wx5-7ub7", "summary": "Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23852.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23852.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01618", "scoring_system": "epss", "scoring_elements": "0.82148", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01618", "scoring_system": "epss", "scoring_elements": "0.82177", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613", "reference_id": "2044613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/550", "reference_id": "550", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/550" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220217-0001/", "reference_id": "ntap-20220217-0001", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220217-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4834", "reference_id": "RHSA-2022:4834", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4834" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:42Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "CVE-2022-23852" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6ep-4wx5-7ub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67066?format=api", "vulnerability_id": "VCID-neqa-tg96-r3bs", "summary": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25315.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25315.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08995", "scoring_system": "epss", "scoring_elements": "0.92764", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08995", "scoring_system": "epss", "scoring_elements": "0.92776", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363", "reference_id": "2056363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/559", "reference_id": "559", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/559" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0815", "reference_id": "RHSA-2022:0815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0816", "reference_id": "RHSA-2022:0816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0817", "reference_id": "RHSA-2022:0817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0843", "reference_id": "RHSA-2022:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0847", "reference_id": "RHSA-2022:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0853", "reference_id": "RHSA-2022:0853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1012", "reference_id": "RHSA-2022:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1053", "reference_id": "RHSA-2022:1053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1068", "reference_id": "RHSA-2022:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1070", "reference_id": "RHSA-2022:1070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1263", "reference_id": "RHSA-2022:1263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1309", "reference_id": "RHSA-2022:1309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5320-1/", "reference_id": "USN-5320-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5320-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:38Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "CVE-2022-25315" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-neqa-tg96-r3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41117?format=api", "vulnerability_id": "VCID-qh6t-bcd8-9qf7", "summary": "Improper Restriction of XML External Entity Reference\n`libexpat` in Expat, XML input including XML names that contain many colons could make the XML parser consume a high amount of RAM and CPU resources while processing, leading to a possible denial-of-service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20843.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90476", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90461", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20843" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/186", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/186" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", "reference_id": "11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723", "reference_id": "1723723", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/262", "reference_id": "262", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/262" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/39", "reference_id": "39", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jun/39" }, { "reference_url": "https://usn.ubuntu.com/4040-1/", "reference_id": "4040-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://usn.ubuntu.com/4040-1/" }, { "reference_url": "https://usn.ubuntu.com/4040-2/", "reference_id": "4040-2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://usn.ubuntu.com/4040-2/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", "reference_id": "931031", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/", "reference_id": "CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", "reference_id": "Changes", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843", "reference_id": "CVE-2018-20843", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4472", "reference_id": "dsa-4472", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4472" }, { "reference_url": "https://security.gentoo.org/glsa/201911-08", "reference_id": "GLSA-201911-08", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://security.gentoo.org/glsa/201911-08" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/", "reference_id": "IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/" }, { "reference_url": "https://support.f5.com/csp/article/K51011533", "reference_id": "K51011533", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://support.f5.com/csp/article/K51011533" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", "reference_id": "msg00028.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html", "reference_id": "msg00039.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190703-0001/", "reference_id": "ntap-20190703-0001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190703-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3952", "reference_id": "RHSA-2020:3952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4484", "reference_id": "RHSA-2020:4484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4846", "reference_id": "RHSA-2020:4846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://www.tenable.com/security/tns-2021-11", "reference_id": "tns-2021-11", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://www.tenable.com/security/tns-2021-11" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4852-1/", "reference_id": "USN-USN-4852-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4852-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5046?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" } ], "aliases": [ "CVE-2018-20843" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qh6t-bcd8-9qf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67059?format=api", "vulnerability_id": "VCID-r4fb-ztrr-h7ct", "summary": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25235.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11027", "scoring_system": "epss", "scoring_elements": "0.93575", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11027", "scoring_system": "epss", "scoring_elements": "0.93585", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005894", "reference_id": "1005894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366", "reference_id": "2056366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/562", "reference_id": "562", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/562" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0815", "reference_id": "RHSA-2022:0815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0816", "reference_id": "RHSA-2022:0816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0817", "reference_id": "RHSA-2022:0817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0843", "reference_id": "RHSA-2022:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0847", "reference_id": "RHSA-2022:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0853", "reference_id": "RHSA-2022:0853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1012", "reference_id": "RHSA-2022:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1053", "reference_id": "RHSA-2022:1053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1068", "reference_id": "RHSA-2022:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1070", "reference_id": "RHSA-2022:1070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1263", "reference_id": "RHSA-2022:1263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1309", "reference_id": "RHSA-2022:1309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1539", "reference_id": "RHSA-2022:1539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1540", "reference_id": "RHSA-2022:1540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1540" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1643", "reference_id": "RHSA-2022:1643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1644", "reference_id": "RHSA-2022:1644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/8235-1/", "reference_id": "USN-8235-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8235-1/" }, { "reference_url": "https://usn.ubuntu.com/8240-1/", "reference_id": "USN-8240-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8240-1/" }, { "reference_url": "https://usn.ubuntu.com/8241-1/", "reference_id": "USN-8241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8241-1/" }, { "reference_url": "https://usn.ubuntu.com/8313-1/", "reference_id": "USN-8313-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8313-1/" }, { "reference_url": "https://usn.ubuntu.com/8314-1/", "reference_id": "USN-8314-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8314-1/" }, { "reference_url": "https://usn.ubuntu.com/8316-1/", "reference_id": "USN-8316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8316-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" } ], "aliases": [ "CVE-2022-25235" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4fb-ztrr-h7ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67055?format=api", "vulnerability_id": "VCID-r7ez-wbjc-2fbb", "summary": "nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22826.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22826.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42775", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42849", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484", "reference_id": "2044484", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "CVE-2022-22826" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7ez-wbjc-2fbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67078?format=api", "vulnerability_id": "VCID-sa41-pwkv-bqcs", "summary": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31555", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086134", "reference_id": "1086134", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321987", "reference_id": "2321987", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321987" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/915", "reference_id": "915", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-30T18:00:51Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11200", "reference_id": "RHSA-2024:11200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9502", "reference_id": "RHSA-2024:9502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9541", "reference_id": "RHSA-2024:9541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3350", "reference_id": "RHSA-2025:3350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3350" }, { "reference_url": "https://usn.ubuntu.com/7145-1/", "reference_id": "USN-7145-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7145-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195807?format=api", "purl": "pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2" } ], "aliases": [ "CVE-2024-50602" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sa41-pwkv-bqcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/369713?format=api", "vulnerability_id": "VCID-skbw-bbxm-vkfv", "summary": "regression update", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "DSA-5085-2 expat" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-skbw-bbxm-vkfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67058?format=api", "vulnerability_id": "VCID-txe8-6w63-13ct", "summary": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23990.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.037", "scoring_system": "epss", "scoring_elements": "0.88158", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.037", "scoring_system": "epss", "scoring_elements": "0.88179", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356", "reference_id": "2048356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/", "reference_id": "34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/551", "reference_id": "551", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/551" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/", "reference_id": "R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21776", "reference_id": "RHSA-2025:21776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "CVE-2022-23990" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txe8-6w63-13ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67051?format=api", "vulnerability_id": "VCID-wr2a-pet6-wubr", "summary": "build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22823.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22823.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62916", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62958", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464", "reference_id": "2044464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/539", "reference_id": "539", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/539" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "CVE-2022-22823" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wr2a-pet6-wubr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67044?format=api", "vulnerability_id": "VCID-yw5f-radc-t7g9", "summary": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4472.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84946", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8497", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251", "reference_id": "1344251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4626?format=api", "purl": "pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-5de4-qewv-2uck" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-7t2y-ppma-aqe1" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-awcv-w3zr-ebhp" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-axy3-4epf-p3dw" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-ea8u-5x5j-dkch" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yw5f-radc-t7g9" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/5046?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3" } ], "aliases": [ "CVE-2016-4472" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yw5f-radc-t7g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67064?format=api", "vulnerability_id": "VCID-yyud-cdy1-mfac", "summary": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25314.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25314.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66675", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66716", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354", "reference_id": "2056354", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/560", "reference_id": "560", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/560" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5244", "reference_id": "RHSA-2022:5244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5314", "reference_id": "RHSA-2022:5314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5320-1/", "reference_id": "USN-5320-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5320-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5249?format=api", "purl": "pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6492?format=api", "purl": "pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rcd-tvec-q7e5" }, { "vulnerability": "VCID-2ptf-rmup-ebeu" }, { "vulnerability": "VCID-abbh-mbgq-mkbu" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b9bc-gdyw-ufb9" }, { "vulnerability": "VCID-d2db-wju5-4khw" }, { "vulnerability": "VCID-esw2-bybb-xkcm" }, { "vulnerability": "VCID-nqpv-xqew-d7et" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-t3np-c4np-kff8" }, { "vulnerability": "VCID-tyba-j6k8-z3hh" }, { "vulnerability": "VCID-wxuh-ewtr-wqht" }, { "vulnerability": "VCID-xayk-1q4b-f3ez" }, { "vulnerability": "VCID-zxh1-jrat-y7bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5" } ], "aliases": [ "CVE-2022-25314" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyud-cdy1-mfac" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67032?format=api", "vulnerability_id": "VCID-4rdr-ar4q-5bbs", "summary": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0876.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37367", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579", "reference_id": "663579", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687672", "reference_id": "687672", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=786617", "reference_id": "786617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786617" }, { "reference_url": "https://security.gentoo.org/glsa/201209-06", "reference_id": "GLSA-201209-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0731", "reference_id": "RHSA-2012:0731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0062", "reference_id": "RHSA-2016:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2957", "reference_id": "RHSA-2016:2957", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2957" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://usn.ubuntu.com/1527-1/", "reference_id": "USN-1527-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1527-1/" }, { "reference_url": "https://usn.ubuntu.com/1527-2/", "reference_id": "USN-1527-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1527-2/" }, { "reference_url": "https://usn.ubuntu.com/1613-1/", "reference_id": "USN-1613-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1613-1/" }, { "reference_url": "https://usn.ubuntu.com/1613-2/", "reference_id": "USN-1613-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1613-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4624?format=api", "purl": "pkg:deb/debian/expat@2.1.0-1%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-5de4-qewv-2uck" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-7t2y-ppma-aqe1" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-awcv-w3zr-ebhp" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-axy3-4epf-p3dw" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-ea8u-5x5j-dkch" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yw5f-radc-t7g9" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-1%252Bdeb7u2" } ], "aliases": [ "CVE-2012-0876" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4rdr-ar4q-5bbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67040?format=api", "vulnerability_id": "VCID-5de4-qewv-2uck", "summary": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1283.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.6722", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.6726", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245587", "reference_id": "1245587", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245587" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484", "reference_id": "793484", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484" }, { "reference_url": "https://security.gentoo.org/glsa/201603-09", "reference_id": "GLSA-201603-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201603-09" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1499", "reference_id": "RHSA-2015:1499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1499" }, { "reference_url": "https://usn.ubuntu.com/2677-1/", "reference_id": "USN-2677-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2677-1/" }, { "reference_url": "https://usn.ubuntu.com/2726-1/", "reference_id": "USN-2726-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2726-1/" }, { "reference_url": "https://usn.ubuntu.com/3013-1/", "reference_id": "USN-3013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3013-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4772-1/", "reference_id": "USN-USN-4772-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4772-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4624?format=api", "purl": "pkg:deb/debian/expat@2.1.0-1%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-5de4-qewv-2uck" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-7t2y-ppma-aqe1" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-awcv-w3zr-ebhp" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-axy3-4epf-p3dw" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-ea8u-5x5j-dkch" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yw5f-radc-t7g9" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-1%252Bdeb7u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/4626?format=api", "purl": "pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-5de4-qewv-2uck" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-7t2y-ppma-aqe1" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-awcv-w3zr-ebhp" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-axy3-4epf-p3dw" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-ea8u-5x5j-dkch" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yw5f-radc-t7g9" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/5046?format=api", "purl": "pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3" } ], "aliases": [ "CVE-2015-1283" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5de4-qewv-2uck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67035?format=api", "vulnerability_id": "VCID-cbt4-k6yr-63g8", "summary": "Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1148.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1148.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00973", "scoring_system": "epss", "scoring_elements": "0.77009", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00973", "scoring_system": "epss", "scoring_elements": "0.77042", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1148" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579", "reference_id": "663579", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687672", "reference_id": "687672", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=801648", "reference_id": "801648", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801648" }, { "reference_url": "https://security.gentoo.org/glsa/201209-06", "reference_id": "GLSA-201209-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0731", "reference_id": "RHSA-2012:0731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2957", "reference_id": "RHSA-2016:2957", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2957" }, { "reference_url": "https://usn.ubuntu.com/1527-1/", "reference_id": "USN-1527-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1527-1/" }, { "reference_url": "https://usn.ubuntu.com/1527-2/", "reference_id": "USN-1527-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1527-2/" }, { "reference_url": "https://usn.ubuntu.com/1613-1/", "reference_id": "USN-1613-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1613-1/" }, { "reference_url": "https://usn.ubuntu.com/1613-2/", "reference_id": "USN-1613-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1613-2/" }, { "reference_url": "https://usn.ubuntu.com/7307-1/", "reference_id": "USN-7307-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7307-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4624?format=api", "purl": "pkg:deb/debian/expat@2.1.0-1%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4y75-sfzb-kbf3" }, { "vulnerability": "VCID-5de4-qewv-2uck" }, { "vulnerability": "VCID-7dfh-6k5v-cfdg" }, { "vulnerability": "VCID-7t2y-ppma-aqe1" }, { "vulnerability": "VCID-8t4w-nhhm-dyge" }, { "vulnerability": "VCID-92u6-xmte-1khx" }, { "vulnerability": "VCID-961d-c3an-dfg7" }, { "vulnerability": "VCID-awcv-w3zr-ebhp" }, { "vulnerability": "VCID-ax2q-63fe-fqes" }, { "vulnerability": "VCID-axy3-4epf-p3dw" }, { "vulnerability": "VCID-b1tx-zbgd-cuh6" }, { "vulnerability": "VCID-c4xs-r16x-1qc4" }, { "vulnerability": "VCID-cvna-73ya-gbg5" }, { "vulnerability": "VCID-ea8u-5x5j-dkch" }, { "vulnerability": "VCID-fmb1-xbbj-bkgy" }, { "vulnerability": "VCID-jjsf-a6zv-x7ce" }, { "vulnerability": "VCID-m4uh-8qed-4yc1" }, { "vulnerability": "VCID-m6ep-4wx5-7ub7" }, { "vulnerability": "VCID-neqa-tg96-r3bs" }, { "vulnerability": "VCID-qh6t-bcd8-9qf7" }, { "vulnerability": "VCID-r4fb-ztrr-h7ct" }, { "vulnerability": "VCID-r7ez-wbjc-2fbb" }, { "vulnerability": "VCID-sa41-pwkv-bqcs" }, { "vulnerability": "VCID-skbw-bbxm-vkfv" }, { "vulnerability": "VCID-txe8-6w63-13ct" }, { "vulnerability": "VCID-wr2a-pet6-wubr" }, { "vulnerability": "VCID-yw5f-radc-t7g9" }, { "vulnerability": "VCID-yyud-cdy1-mfac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-1%252Bdeb7u2" } ], "aliases": [ "CVE-2012-1148" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbt4-k6yr-63g8" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-1%252Bdeb7u2" }