Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
Type deb
Namespace debian
Name erlang
Version 1:27.3.4.1+dfsg-1+deb13u1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-c47m-8h7d-afaz
vulnerability_id VCID-c47m-8h7d-afaz
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32147
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.03999
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32147
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32147
2
reference_url https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004
reference_id 28c5d5a6c5f873dc701b597276271763e7d1c004
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/
url https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
4
reference_url https://cna.erlef.org/cves/CVE-2026-32147.html
reference_id CVE-2026-32147.html
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/
url https://cna.erlef.org/cves/CVE-2026-32147.html
5
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-32147
reference_id EEF-CVE-2026-32147
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-32147
6
reference_url https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5
reference_id GHSA-28jg-mw9x-hpm5
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/
url https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5
7
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-1
aliases CVE-2026-32147
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c47m-8h7d-afaz
1
url VCID-gcn7-ak4r-eba3
vulnerability_id VCID-gcn7-ak4r-eba3
summary
Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias.

When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth evaluates directory-based access controls against the DocumentRoot-relative path while mod_cgi executes the script at the ScriptAlias-resolved path. This path mismatch allows unauthenticated access to CGI scripts that directory rules were meant to protect.

This vulnerability is associated with program files lib/inets/src/http_server/mod_alias.erl, lib/inets/src/http_server/mod_auth.erl, and lib/inets/src/http_server/mod_cgi.erl.

This issue affects OTP from OTP 17.0 until OTP 28.4.2, 27.3.4.10 and 26.2.5.19 corresponding to inets from 5.10 until 9.6.2, 9.3.2.4 and 9.1.0.6.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28808
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05678
published_at 2026-04-21T12:55:00Z
1
value 0.00049
scoring_system epss
scoring_elements 0.15168
published_at 2026-04-08T12:55:00Z
2
value 0.00049
scoring_system epss
scoring_elements 0.15151
published_at 2026-04-12T12:55:00Z
3
value 0.00049
scoring_system epss
scoring_elements 0.15189
published_at 2026-04-11T12:55:00Z
4
value 0.00049
scoring_system epss
scoring_elements 0.1522
published_at 2026-04-09T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.20002
published_at 2026-04-13T12:55:00Z
6
value 0.00064
scoring_system epss
scoring_elements 0.19986
published_at 2026-04-18T12:55:00Z
7
value 0.00064
scoring_system epss
scoring_elements 0.19983
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28808
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28808
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28808
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455909
reference_id 2455909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455909
5
reference_url https://github.com/erlang/otp/commit/8fc71ac6af4fbcc54103bec2983ef22e82942688
reference_id 8fc71ac6af4fbcc54103bec2983ef22e82942688
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://github.com/erlang/otp/commit/8fc71ac6af4fbcc54103bec2983ef22e82942688
6
reference_url https://github.com/erlang/otp/commit/9dfa0c51eac97866078e808dec2183cb7871ff7c
reference_id 9dfa0c51eac97866078e808dec2183cb7871ff7c
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://github.com/erlang/otp/commit/9dfa0c51eac97866078e808dec2183cb7871ff7c
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
8
reference_url https://cna.erlef.org/cves/CVE-2026-28808.html
reference_id CVE-2026-28808.html
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://cna.erlef.org/cves/CVE-2026-28808.html
9
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-28808
reference_id EEF-CVE-2026-28808
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-28808
10
reference_url https://github.com/erlang/otp/security/advisories/GHSA-3vhp-h532-mc3f
reference_id GHSA-3vhp-h532-mc3f
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://github.com/erlang/otp/security/advisories/GHSA-3vhp-h532-mc3f
11
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1
aliases CVE-2026-28808
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcn7-ak4r-eba3
2
url VCID-h1k4-x8vr-5bch
vulnerability_id VCID-h1k4-x8vr-5bch
summary
Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion.

The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS.

Two compression algorithms are affected:

* zlib: Activates immediately after key exchange, enabling unauthenticated attacks
* zlib@openssh.com: Activates post-authentication, enabling authenticated attacks

Each SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments.

This vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4.

This issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18 corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23943
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.16609
published_at 2026-04-04T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.16546
published_at 2026-04-02T12:55:00Z
2
value 0.00121
scoring_system epss
scoring_elements 0.31129
published_at 2026-04-13T12:55:00Z
3
value 0.00121
scoring_system epss
scoring_elements 0.31173
published_at 2026-04-12T12:55:00Z
4
value 0.00121
scoring_system epss
scoring_elements 0.31217
published_at 2026-04-11T12:55:00Z
5
value 0.00121
scoring_system epss
scoring_elements 0.31212
published_at 2026-04-09T12:55:00Z
6
value 0.00121
scoring_system epss
scoring_elements 0.31181
published_at 2026-04-08T12:55:00Z
7
value 0.00121
scoring_system epss
scoring_elements 0.31128
published_at 2026-04-07T12:55:00Z
8
value 0.00132
scoring_system epss
scoring_elements 0.32717
published_at 2026-04-21T12:55:00Z
9
value 0.00132
scoring_system epss
scoring_elements 0.3277
published_at 2026-04-16T12:55:00Z
10
value 0.00132
scoring_system epss
scoring_elements 0.32746
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23943
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23943
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23943
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/erlang/otp/commit/0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4
reference_id 0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/
url https://github.com/erlang/otp/commit/0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912
reference_id 1130912
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912
5
reference_url https://github.com/erlang/otp/commit/43a87b949bdff12d629a8c34146711d9da93b1b1
reference_id 43a87b949bdff12d629a8c34146711d9da93b1b1
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/
url https://github.com/erlang/otp/commit/43a87b949bdff12d629a8c34146711d9da93b1b1
6
reference_url https://github.com/erlang/otp/commit/93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3
reference_id 93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/
url https://github.com/erlang/otp/commit/93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
8
reference_url https://cna.erlef.org/cves/CVE-2026-23943.html
reference_id CVE-2026-23943.html
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/
url https://cna.erlef.org/cves/CVE-2026-23943.html
9
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-23943
reference_id EEF-CVE-2026-23943
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-23943
10
reference_url https://github.com/erlang/otp/security/advisories/GHSA-c836-qprm-jw9r
reference_id GHSA-c836-qprm-jw9r
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/
url https://github.com/erlang/otp/security/advisories/GHSA-c836-qprm-jw9r
11
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gcn7-ak4r-eba3
1
vulnerability VCID-j7t3-nrjj-pfgp
2
vulnerability VCID-zegc-rj1x-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1
1
url pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1
aliases CVE-2026-23943
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h1k4-x8vr-5bch
3
url VCID-j7t3-nrjj-pfgp
vulnerability_id VCID-j7t3-nrjj-pfgp
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28810
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15583
published_at 2026-04-07T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15668
published_at 2026-04-08T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.1566
published_at 2026-04-12T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.15695
published_at 2026-04-11T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.15727
published_at 2026-04-09T12:55:00Z
5
value 0.00066
scoring_system epss
scoring_elements 0.20501
published_at 2026-04-16T12:55:00Z
6
value 0.00066
scoring_system epss
scoring_elements 0.2051
published_at 2026-04-13T12:55:00Z
7
value 0.00066
scoring_system epss
scoring_elements 0.20496
published_at 2026-04-21T12:55:00Z
8
value 0.00066
scoring_system epss
scoring_elements 0.20499
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28810
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28810
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455868
reference_id 2455868
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455868
5
reference_url https://github.com/erlang/otp/commit/36f23c9d2cc54afe83671dd7343596d7972839a5
reference_id 36f23c9d2cc54afe83671dd7343596d7972839a5
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://github.com/erlang/otp/commit/36f23c9d2cc54afe83671dd7343596d7972839a5
6
reference_url https://github.com/erlang/otp/commit/b057a9d995017b1be50d6dc02edd52382f3231b8
reference_id b057a9d995017b1be50d6dc02edd52382f3231b8
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://github.com/erlang/otp/commit/b057a9d995017b1be50d6dc02edd52382f3231b8
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
8
reference_url https://cna.erlef.org/cves/CVE-2026-28810.html
reference_id CVE-2026-28810.html
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://cna.erlef.org/cves/CVE-2026-28810.html
9
reference_url https://github.com/erlang/otp/commit/dd15e8eb03548c5e55e9915f0e91389ec6bad9fd
reference_id dd15e8eb03548c5e55e9915f0e91389ec6bad9fd
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://github.com/erlang/otp/commit/dd15e8eb03548c5e55e9915f0e91389ec6bad9fd
10
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-28810
reference_id EEF-CVE-2026-28810
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-28810
11
reference_url https://github.com/erlang/otp/security/advisories/GHSA-v884-5jg5-whj8
reference_id GHSA-v884-5jg5-whj8
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://github.com/erlang/otp/security/advisories/GHSA-v884-5jg5-whj8
12
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1
aliases CVE-2026-28810
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7t3-nrjj-pfgp
4
url VCID-s9qn-9qdm-j7ej
vulnerability_id VCID-s9qn-9qdm-j7ej
summary
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling.

This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7.

The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request.

This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23941
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05607
published_at 2026-04-04T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05569
published_at 2026-04-02T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06244
published_at 2026-04-13T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06254
published_at 2026-04-12T12:55:00Z
4
value 0.00023
scoring_system epss
scoring_elements 0.06259
published_at 2026-04-11T12:55:00Z
5
value 0.00023
scoring_system epss
scoring_elements 0.06269
published_at 2026-04-09T12:55:00Z
6
value 0.00023
scoring_system epss
scoring_elements 0.06231
published_at 2026-04-08T12:55:00Z
7
value 0.00023
scoring_system epss
scoring_elements 0.06188
published_at 2026-04-07T12:55:00Z
8
value 0.00025
scoring_system epss
scoring_elements 0.07062
published_at 2026-04-21T12:55:00Z
9
value 0.00025
scoring_system epss
scoring_elements 0.06944
published_at 2026-04-16T12:55:00Z
10
value 0.00025
scoring_system epss
scoring_elements 0.06928
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23941
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23941
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23941
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912
reference_id 1130912
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912
4
reference_url https://github.com/erlang/otp/commit/a4b46336fd25aa100ac602eb9a627aaead7eda18
reference_id a4b46336fd25aa100ac602eb9a627aaead7eda18
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/
url https://github.com/erlang/otp/commit/a4b46336fd25aa100ac602eb9a627aaead7eda18
5
reference_url https://github.com/erlang/otp/commit/a761d391d8d08316cbd7d4a86733ba932b73c45b
reference_id a761d391d8d08316cbd7d4a86733ba932b73c45b
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/
url https://github.com/erlang/otp/commit/a761d391d8d08316cbd7d4a86733ba932b73c45b
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
7
reference_url https://cna.erlef.org/cves/CVE-2026-23941.html
reference_id CVE-2026-23941.html
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/
url https://cna.erlef.org/cves/CVE-2026-23941.html
8
reference_url https://github.com/erlang/otp/commit/e775a332f623851385ab6ddb866d9b150612ddf6
reference_id e775a332f623851385ab6ddb866d9b150612ddf6
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/
url https://github.com/erlang/otp/commit/e775a332f623851385ab6ddb866d9b150612ddf6
9
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-23941
reference_id EEF-CVE-2026-23941
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-23941
10
reference_url https://github.com/erlang/otp/security/advisories/GHSA-w4jc-9wpv-pqh7
reference_id GHSA-w4jc-9wpv-pqh7
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/
url https://github.com/erlang/otp/security/advisories/GHSA-w4jc-9wpv-pqh7
11
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gcn7-ak4r-eba3
1
vulnerability VCID-j7t3-nrjj-pfgp
2
vulnerability VCID-zegc-rj1x-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1
1
url pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1
aliases CVE-2026-23941
risk_score 3.1
exploitability 0.5
weighted_severity 6.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9qn-9qdm-j7ej
5
url VCID-w9yj-xg82-kyac
vulnerability_id VCID-w9yj-xg82-kyac
summary erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21620.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21620.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21620
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07756
published_at 2026-04-21T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07646
published_at 2026-04-07T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.07705
published_at 2026-04-08T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07724
published_at 2026-04-09T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07721
published_at 2026-04-11T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07706
published_at 2026-04-12T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.07691
published_at 2026-04-13T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07616
published_at 2026-04-16T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.07604
published_at 2026-04-18T12:55:00Z
9
value 0.00028
scoring_system epss
scoring_elements 0.0787
published_at 2026-04-02T12:55:00Z
10
value 0.00028
scoring_system epss
scoring_elements 0.07919
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21620
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21620
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21620
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/erlang/otp/pull/10706
reference_id 10706
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/
url https://github.com/erlang/otp/pull/10706
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128651
reference_id 1128651
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128651
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441326
reference_id 2441326
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441326
7
reference_url https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e
reference_id 3970738f687325138eb75f798054fa8960ac354e
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/
url https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e
8
reference_url https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344
reference_id 655fb95725ba2fb811740b57e106873833824344
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/
url https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344
9
reference_url https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a
reference_id 696fdec922661d4a3cc528fc34bc24fae8d4ad8a
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/
url https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
11
reference_url https://cna.erlef.org/cves/CVE-2026-21620.html
reference_id CVE-2026-21620.html
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/
url https://cna.erlef.org/cves/CVE-2026-21620.html
12
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-21620
reference_id EEF-CVE-2026-21620
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-21620
13
reference_url https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp
reference_id GHSA-hmrc-prh3-rpvp
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/
url https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp
14
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gcn7-ak4r-eba3
1
vulnerability VCID-j7t3-nrjj-pfgp
2
vulnerability VCID-zegc-rj1x-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1
1
url pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1
aliases CVE-2026-21620
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9yj-xg82-kyac
6
url VCID-wwcj-hwqc-f3g7
vulnerability_id VCID-wwcj-hwqc-f3g7
summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal.

This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2.

The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root.

This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23942
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05493
published_at 2026-04-04T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05459
published_at 2026-04-02T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.0612
published_at 2026-04-13T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06128
published_at 2026-04-12T12:55:00Z
4
value 0.00023
scoring_system epss
scoring_elements 0.06132
published_at 2026-04-11T12:55:00Z
5
value 0.00023
scoring_system epss
scoring_elements 0.06141
published_at 2026-04-09T12:55:00Z
6
value 0.00023
scoring_system epss
scoring_elements 0.06101
published_at 2026-04-08T12:55:00Z
7
value 0.00023
scoring_system epss
scoring_elements 0.06061
published_at 2026-04-07T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07335
published_at 2026-04-21T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.07214
published_at 2026-04-16T12:55:00Z
10
value 0.00026
scoring_system epss
scoring_elements 0.07209
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23942
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23942
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912
reference_id 1130912
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912
4
reference_url https://github.com/erlang/otp/commit/27688a824f753d4c16371dc70e88753fb410590b
reference_id 27688a824f753d4c16371dc70e88753fb410590b
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/
url https://github.com/erlang/otp/commit/27688a824f753d4c16371dc70e88753fb410590b
5
reference_url https://github.com/erlang/otp/commit/5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759
reference_id 5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/
url https://github.com/erlang/otp/commit/5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759
6
reference_url https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28
reference_id 9e0ac85d3485e7898e0da88a14be0ee2310a3b28
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/
url https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
8
reference_url https://cna.erlef.org/cves/CVE-2026-23942.html
reference_id CVE-2026-23942.html
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/
url https://cna.erlef.org/cves/CVE-2026-23942.html
9
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-23942
reference_id EEF-CVE-2026-23942
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-23942
10
reference_url https://github.com/erlang/otp/security/advisories/GHSA-4749-w85x-hw9h
reference_id GHSA-4749-w85x-hw9h
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/
url https://github.com/erlang/otp/security/advisories/GHSA-4749-w85x-hw9h
11
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gcn7-ak4r-eba3
1
vulnerability VCID-j7t3-nrjj-pfgp
2
vulnerability VCID-zegc-rj1x-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1
1
url pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1
aliases CVE-2026-23942
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwcj-hwqc-f3g7
7
url VCID-zegc-rj1x-ryau
vulnerability_id VCID-zegc-rj1x-ryau
summary
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification.

The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA. Instead, it only checks that the responder certificate's issuer name matches the CA's subject name and that the certificate has the OCSPSigning extended key usage. An attacker who can intercept or control OCSP responses can create a self-signed certificate with a matching issuer name and the OCSPSigning EKU, and use it to forge OCSP responses that mark revoked certificates as valid.

This affects SSL/TLS clients using OCSP stapling, which may accept connections to servers with revoked certificates, potentially transmitting sensitive data to compromised servers. Applications using the public_key:pkix_ocsp_validate/5 API directly are also affected, with impact depending on usage context.

This vulnerability is associated with program files lib/public_key/src/pubkey_ocsp.erl and program routines pubkey_ocsp:is_authorized_responder/3.

This issue affects OTP from OTP 27.0 until OTP 28.4.2 and 27.3.4.10, corresponding to public_key from 1.16 until 1.20.3 and 1.17.1.2, and ssl from 11.2 until 11.5.4 and 11.2.12.7.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32144.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32144.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32144
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10169
published_at 2026-04-08T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10225
published_at 2026-04-12T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10265
published_at 2026-04-11T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10229
published_at 2026-04-09T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.13826
published_at 2026-04-16T12:55:00Z
5
value 0.00045
scoring_system epss
scoring_elements 0.13923
published_at 2026-04-13T12:55:00Z
6
value 0.00045
scoring_system epss
scoring_elements 0.13891
published_at 2026-04-21T12:55:00Z
7
value 0.00045
scoring_system epss
scoring_elements 0.1382
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32144
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455896
reference_id 2455896
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455896
4
reference_url https://github.com/erlang/otp/commit/49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0
reference_id 49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/
url https://github.com/erlang/otp/commit/49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0
5
reference_url https://github.com/erlang/otp/commit/ac7ff528be857c5d35eb29c7f24106e3a16d4891
reference_id ac7ff528be857c5d35eb29c7f24106e3a16d4891
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/
url https://github.com/erlang/otp/commit/ac7ff528be857c5d35eb29c7f24106e3a16d4891
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
7
reference_url https://cna.erlef.org/cves/CVE-2026-32144.html
reference_id CVE-2026-32144.html
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/
url https://cna.erlef.org/cves/CVE-2026-32144.html
8
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-32144
reference_id EEF-CVE-2026-32144
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-32144
9
reference_url https://github.com/erlang/otp/security/advisories/GHSA-gxrm-pf64-99xm
reference_id GHSA-gxrm-pf64-99xm
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/
url https://github.com/erlang/otp/security/advisories/GHSA-gxrm-pf64-99xm
10
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1
aliases CVE-2026-32144
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zegc-rj1x-ryau
Fixing_vulnerabilities
0
url VCID-1283-nvxm-r7cw
vulnerability_id VCID-1283-nvxm-r7cw
summary erlang: Erlang Excessive Use of System Resources
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48038.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48038.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48038
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31511
published_at 2026-04-02T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31553
published_at 2026-04-04T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.3542
published_at 2026-04-21T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35472
published_at 2026-04-18T12:55:00Z
4
value 0.00156
scoring_system epss
scoring_elements 0.36422
published_at 2026-04-13T12:55:00Z
5
value 0.00156
scoring_system epss
scoring_elements 0.36443
published_at 2026-04-12T12:55:00Z
6
value 0.00156
scoring_system epss
scoring_elements 0.36479
published_at 2026-04-11T12:55:00Z
7
value 0.00156
scoring_system epss
scoring_elements 0.36471
published_at 2026-04-09T12:55:00Z
8
value 0.00156
scoring_system epss
scoring_elements 0.364
published_at 2026-04-07T12:55:00Z
9
value 0.00156
scoring_system epss
scoring_elements 0.36451
published_at 2026-04-08T12:55:00Z
10
value 0.00156
scoring_system epss
scoring_elements 0.36463
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48038
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48038
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48038
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/erlang/otp/pull/10156
reference_id 10156
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/
url https://github.com/erlang/otp/pull/10156
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115093
reference_id 1115093
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115093
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2394522
reference_id 2394522
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2394522
7
reference_url https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a
reference_id 4e3bf86777ab3db7220c11d8ddabf15970ddd10a
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/
url https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
9
reference_url https://cna.erlef.org/cves/CVE-2025-48038.html
reference_id CVE-2025-48038.html
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/
url https://cna.erlef.org/cves/CVE-2025-48038.html
10
reference_url https://osv.dev/vulnerability/EEF-CVE-2025-48038
reference_id EEF-CVE-2025-48038
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/
url https://osv.dev/vulnerability/EEF-CVE-2025-48038
11
reference_url https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f
reference_id f09e0201ff701993dc24a08f15e524daf72db42f
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/
url https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f
12
reference_url https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r
reference_id GHSA-pvj7-9652-7h9r
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/
url https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r
13
reference_url https://usn.ubuntu.com/7831-1/
reference_id USN-7831-1
reference_type
scores
url https://usn.ubuntu.com/7831-1/
14
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3
purl pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1283-nvxm-r7cw
1
vulnerability VCID-28fj-t5hy-x3gn
2
vulnerability VCID-c3vm-u9jn-83cs
3
vulnerability VCID-c47m-8h7d-afaz
4
vulnerability VCID-gcn7-ak4r-eba3
5
vulnerability VCID-h1k4-x8vr-5bch
6
vulnerability VCID-j7t3-nrjj-pfgp
7
vulnerability VCID-jxzt-8wru-6yhk
8
vulnerability VCID-s9qn-9qdm-j7ej
9
vulnerability VCID-w9yj-xg82-kyac
10
vulnerability VCID-wwcj-hwqc-f3g7
11
vulnerability VCID-xcks-117s-v3dd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3
1
url pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
purl pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
1
vulnerability VCID-gcn7-ak4r-eba3
2
vulnerability VCID-h1k4-x8vr-5bch
3
vulnerability VCID-j7t3-nrjj-pfgp
4
vulnerability VCID-s9qn-9qdm-j7ej
5
vulnerability VCID-w9yj-xg82-kyac
6
vulnerability VCID-wwcj-hwqc-f3g7
7
vulnerability VCID-zegc-rj1x-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1
aliases CVE-2025-48038
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1283-nvxm-r7cw
1
url VCID-28fj-t5hy-x3gn
vulnerability_id VCID-28fj-t5hy-x3gn
summary erlang: Erlang Excessive Resource Consumption
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48040.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48040.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48040
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31679
published_at 2026-04-02T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31723
published_at 2026-04-04T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35607
published_at 2026-04-21T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35658
published_at 2026-04-18T12:55:00Z
4
value 0.00158
scoring_system epss
scoring_elements 0.36583
published_at 2026-04-13T12:55:00Z
5
value 0.00158
scoring_system epss
scoring_elements 0.36607
published_at 2026-04-12T12:55:00Z
6
value 0.00158
scoring_system epss
scoring_elements 0.36641
published_at 2026-04-11T12:55:00Z
7
value 0.00158
scoring_system epss
scoring_elements 0.36634
published_at 2026-04-09T12:55:00Z
8
value 0.00158
scoring_system epss
scoring_elements 0.36564
published_at 2026-04-07T12:55:00Z
9
value 0.00158
scoring_system epss
scoring_elements 0.36615
published_at 2026-04-08T12:55:00Z
10
value 0.00158
scoring_system epss
scoring_elements 0.36629
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48040
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48040
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48040
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/erlang/otp/pull/10162
reference_id 10162
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://github.com/erlang/otp/pull/10162
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115091
reference_id 1115091
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115091
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2394521
reference_id 2394521
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2394521
7
reference_url https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a
reference_id 548f1295d86d0803da884db8685cc16d461d0d5a
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a
8
reference_url https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a
reference_id 7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
10
reference_url https://cna.erlef.org/cves/CVE-2025-48040.html
reference_id CVE-2025-48040.html
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://cna.erlef.org/cves/CVE-2025-48040.html
11
reference_url https://osv.dev/vulnerability/EEF-CVE-2025-48040
reference_id EEF-CVE-2025-48040
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://osv.dev/vulnerability/EEF-CVE-2025-48040
12
reference_url https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph
reference_id GHSA-h7rg-6rjg-4cph
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph
13
reference_url https://usn.ubuntu.com/7831-1/
reference_id USN-7831-1
reference_type
scores
url https://usn.ubuntu.com/7831-1/
14
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
purl pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
1
vulnerability VCID-gcn7-ak4r-eba3
2
vulnerability VCID-h1k4-x8vr-5bch
3
vulnerability VCID-j7t3-nrjj-pfgp
4
vulnerability VCID-s9qn-9qdm-j7ej
5
vulnerability VCID-w9yj-xg82-kyac
6
vulnerability VCID-wwcj-hwqc-f3g7
7
vulnerability VCID-zegc-rj1x-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1
aliases CVE-2025-48040
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28fj-t5hy-x3gn
2
url VCID-c3vm-u9jn-83cs
vulnerability_id VCID-c3vm-u9jn-83cs
summary erlang: Erlang Excessive Use of System Resources
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48039.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48039.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48039
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31511
published_at 2026-04-02T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31553
published_at 2026-04-04T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.3542
published_at 2026-04-21T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35472
published_at 2026-04-18T12:55:00Z
4
value 0.00156
scoring_system epss
scoring_elements 0.36422
published_at 2026-04-13T12:55:00Z
5
value 0.00156
scoring_system epss
scoring_elements 0.36443
published_at 2026-04-12T12:55:00Z
6
value 0.00156
scoring_system epss
scoring_elements 0.36479
published_at 2026-04-11T12:55:00Z
7
value 0.00156
scoring_system epss
scoring_elements 0.36471
published_at 2026-04-09T12:55:00Z
8
value 0.00156
scoring_system epss
scoring_elements 0.364
published_at 2026-04-07T12:55:00Z
9
value 0.00156
scoring_system epss
scoring_elements 0.36451
published_at 2026-04-08T12:55:00Z
10
value 0.00156
scoring_system epss
scoring_elements 0.36463
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48039
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48039
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48039
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0
reference_id 043ee3c943e2977c1acdd740ad13992fd60b6bf0
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/
url https://github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0
5
reference_url https://github.com/erlang/otp/pull/10155
reference_id 10155
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/
url https://github.com/erlang/otp/pull/10155
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115092
reference_id 1115092
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115092
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2394523
reference_id 2394523
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2394523
8
reference_url https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac
reference_id c242e6458967e9514bea351814151695807a54ac
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/
url https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
10
reference_url https://cna.erlef.org/cves/CVE-2025-48039.html
reference_id CVE-2025-48039.html
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/
url https://cna.erlef.org/cves/CVE-2025-48039.html
11
reference_url https://osv.dev/vulnerability/EEF-CVE-2025-48039
reference_id EEF-CVE-2025-48039
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/
url https://osv.dev/vulnerability/EEF-CVE-2025-48039
12
reference_url https://github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8
reference_id GHSA-rr5p-6856-j7h8
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/
url https://github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8
13
reference_url https://usn.ubuntu.com/7831-1/
reference_id USN-7831-1
reference_type
scores
url https://usn.ubuntu.com/7831-1/
14
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3
purl pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1283-nvxm-r7cw
1
vulnerability VCID-28fj-t5hy-x3gn
2
vulnerability VCID-c3vm-u9jn-83cs
3
vulnerability VCID-c47m-8h7d-afaz
4
vulnerability VCID-gcn7-ak4r-eba3
5
vulnerability VCID-h1k4-x8vr-5bch
6
vulnerability VCID-j7t3-nrjj-pfgp
7
vulnerability VCID-jxzt-8wru-6yhk
8
vulnerability VCID-s9qn-9qdm-j7ej
9
vulnerability VCID-w9yj-xg82-kyac
10
vulnerability VCID-wwcj-hwqc-f3g7
11
vulnerability VCID-xcks-117s-v3dd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3
1
url pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
purl pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
1
vulnerability VCID-gcn7-ak4r-eba3
2
vulnerability VCID-h1k4-x8vr-5bch
3
vulnerability VCID-j7t3-nrjj-pfgp
4
vulnerability VCID-s9qn-9qdm-j7ej
5
vulnerability VCID-w9yj-xg82-kyac
6
vulnerability VCID-wwcj-hwqc-f3g7
7
vulnerability VCID-zegc-rj1x-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1
aliases CVE-2025-48039
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3vm-u9jn-83cs
3
url VCID-jxzt-8wru-6yhk
vulnerability_id VCID-jxzt-8wru-6yhk
summary erlang: Erlang Exhaustion of File Handles
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48041.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48041.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48041
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31511
published_at 2026-04-02T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31553
published_at 2026-04-04T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.3542
published_at 2026-04-21T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35472
published_at 2026-04-18T12:55:00Z
4
value 0.00156
scoring_system epss
scoring_elements 0.36422
published_at 2026-04-13T12:55:00Z
5
value 0.00156
scoring_system epss
scoring_elements 0.36443
published_at 2026-04-12T12:55:00Z
6
value 0.00156
scoring_system epss
scoring_elements 0.36479
published_at 2026-04-11T12:55:00Z
7
value 0.00156
scoring_system epss
scoring_elements 0.36471
published_at 2026-04-09T12:55:00Z
8
value 0.00156
scoring_system epss
scoring_elements 0.364
published_at 2026-04-07T12:55:00Z
9
value 0.00156
scoring_system epss
scoring_elements 0.36451
published_at 2026-04-08T12:55:00Z
10
value 0.00156
scoring_system epss
scoring_elements 0.36463
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48041
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48041
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48041
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/erlang/otp/pull/10157
reference_id 10157
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/
url https://github.com/erlang/otp/pull/10157
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115090
reference_id 1115090
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115090
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2394520
reference_id 2394520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2394520
7
reference_url https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288
reference_id 5f9af63eec4657a37663828d206517828cb9f288
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/
url https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
9
reference_url https://cna.erlef.org/cves/CVE-2025-48041.html
reference_id CVE-2025-48041.html
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/
url https://cna.erlef.org/cves/CVE-2025-48041.html
10
reference_url https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401
reference_id d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/
url https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401
11
reference_url https://osv.dev/vulnerability/EEF-CVE-2025-48041
reference_id EEF-CVE-2025-48041
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/
url https://osv.dev/vulnerability/EEF-CVE-2025-48041
12
reference_url https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3
reference_id GHSA-79c4-cvv7-4qm3
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/
url https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3
13
reference_url https://usn.ubuntu.com/7831-1/
reference_id USN-7831-1
reference_type
scores
url https://usn.ubuntu.com/7831-1/
14
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3
purl pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1283-nvxm-r7cw
1
vulnerability VCID-28fj-t5hy-x3gn
2
vulnerability VCID-c3vm-u9jn-83cs
3
vulnerability VCID-c47m-8h7d-afaz
4
vulnerability VCID-gcn7-ak4r-eba3
5
vulnerability VCID-h1k4-x8vr-5bch
6
vulnerability VCID-j7t3-nrjj-pfgp
7
vulnerability VCID-jxzt-8wru-6yhk
8
vulnerability VCID-s9qn-9qdm-j7ej
9
vulnerability VCID-w9yj-xg82-kyac
10
vulnerability VCID-wwcj-hwqc-f3g7
11
vulnerability VCID-xcks-117s-v3dd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3
1
url pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
purl pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
1
vulnerability VCID-gcn7-ak4r-eba3
2
vulnerability VCID-h1k4-x8vr-5bch
3
vulnerability VCID-j7t3-nrjj-pfgp
4
vulnerability VCID-s9qn-9qdm-j7ej
5
vulnerability VCID-w9yj-xg82-kyac
6
vulnerability VCID-wwcj-hwqc-f3g7
7
vulnerability VCID-zegc-rj1x-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1
aliases CVE-2025-48041
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxzt-8wru-6yhk
4
url VCID-xcks-117s-v3dd
vulnerability_id VCID-xcks-117s-v3dd
summary erlang: allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy serve
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000107.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000107.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000107
reference_id
reference_type
scores
0
value 0.00399
scoring_system epss
scoring_elements 0.60537
published_at 2026-04-01T12:55:00Z
1
value 0.00399
scoring_system epss
scoring_elements 0.60612
published_at 2026-04-02T12:55:00Z
2
value 0.00399
scoring_system epss
scoring_elements 0.60641
published_at 2026-04-04T12:55:00Z
3
value 0.00479
scoring_system epss
scoring_elements 0.65084
published_at 2026-04-11T12:55:00Z
4
value 0.00479
scoring_system epss
scoring_elements 0.65073
published_at 2026-04-12T12:55:00Z
5
value 0.00479
scoring_system epss
scoring_elements 0.65045
published_at 2026-04-13T12:55:00Z
6
value 0.00479
scoring_system epss
scoring_elements 0.65083
published_at 2026-04-16T12:55:00Z
7
value 0.00479
scoring_system epss
scoring_elements 0.65092
published_at 2026-04-18T12:55:00Z
8
value 0.00479
scoring_system epss
scoring_elements 0.65076
published_at 2026-04-21T12:55:00Z
9
value 0.00479
scoring_system epss
scoring_elements 0.65002
published_at 2026-04-07T12:55:00Z
10
value 0.00479
scoring_system epss
scoring_elements 0.65052
published_at 2026-04-08T12:55:00Z
11
value 0.00479
scoring_system epss
scoring_elements 0.65066
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000107
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000107
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000107
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115086
reference_id 1115086
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115086
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1824460
reference_id 1824460
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1824460
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
purl pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c47m-8h7d-afaz
1
vulnerability VCID-gcn7-ak4r-eba3
2
vulnerability VCID-h1k4-x8vr-5bch
3
vulnerability VCID-j7t3-nrjj-pfgp
4
vulnerability VCID-s9qn-9qdm-j7ej
5
vulnerability VCID-w9yj-xg82-kyac
6
vulnerability VCID-wwcj-hwqc-f3g7
7
vulnerability VCID-zegc-rj1x-ryau
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1
aliases CVE-2016-1000107
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcks-117s-v3dd
Risk_score 3.8
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1