Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/68056?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/68056?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@2.1.7", "type": "nuget", "namespace": "", "name": "SixLabors.ImageSharp", "version": "2.1.7", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/261401?format=api", "vulnerability_id": "VCID-47jb-w584-ske8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.67213", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41131" }, { "reference_url": "https://github.com/SixLabors/ImageSharp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/SixLabors/ImageSharp" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-22T20:46:35Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-22T20:46:35Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/pull/2754", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-22T20:46:35Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/pull/2754" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/pull/2756", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-22T20:46:35Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/pull/2756" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41131", "reference_id": "CVE-2024-41131", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41131" }, { "reference_url": "https://github.com/advisories/GHSA-63p8-c4ww-9cg7", "reference_id": "GHSA-63p8-c4ww-9cg7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-63p8-c4ww-9cg7" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7", "reference_id": "GHSA-63p8-c4ww-9cg7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-22T20:46:35Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82252?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@2.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8nsc-3jyq-aqf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@2.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82253?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8nsc-3jyq-aqf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@3.1.5" } ], "aliases": [ "CVE-2024-41131", "GHSA-63p8-c4ww-9cg7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47jb-w584-ske8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/306604?format=api", "vulnerability_id": "VCID-8nsc-3jyq-aqf3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56547", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54575" }, { "reference_url": "https://github.com/SixLabors/ImageSharp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/SixLabors/ImageSharp" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/55e49262df9a057dff9b7807ed1b7bdb49187c3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T19:59:26Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/55e49262df9a057dff9b7807ed1b7bdb49187c3f" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/833f3ceec35af6b775950e06f03b934546cefbf6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T19:59:26Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/833f3ceec35af6b775950e06f03b934546cefbf6" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/issues/2953", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T19:59:26Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/issues/2953" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-rxmq-m78w-7wmc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T19:59:26Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-rxmq-m78w-7wmc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54575", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54575" }, { "reference_url": "https://github.com/advisories/GHSA-rxmq-m78w-7wmc", "reference_id": "GHSA-rxmq-m78w-7wmc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rxmq-m78w-7wmc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195576?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@2.1.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@2.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/195577?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@3.1.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@3.1.11" } ], "aliases": [ "CVE-2025-54575", "GHSA-rxmq-m78w-7wmc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nsc-3jyq-aqf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/261402?format=api", "vulnerability_id": "VCID-dpg2-7xtb-xyh8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70872", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41132" }, { "reference_url": "https://docs.sixlabors.com/articles/imagesharp/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:48:46Z/" } ], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html" }, { "reference_url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:48:46Z/" } ], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" }, { "reference_url": "https://github.com/SixLabors/ImageSharp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/SixLabors/ImageSharp" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:48:46Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:48:46Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:48:46Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/pull/2759", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:48:46Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/pull/2759" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/pull/2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:48:46Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/pull/2764" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/pull/2770", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:48:46Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/pull/2770" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41132", "reference_id": "CVE-2024-41132", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41132" }, { "reference_url": "https://github.com/advisories/GHSA-qxrv-gp6x-rc23", "reference_id": "GHSA-qxrv-gp6x-rc23", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxrv-gp6x-rc23" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23", "reference_id": "GHSA-qxrv-gp6x-rc23", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:48:46Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82252?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@2.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8nsc-3jyq-aqf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@2.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82253?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8nsc-3jyq-aqf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@3.1.5" } ], "aliases": [ "CVE-2024-41132", "GHSA-qxrv-gp6x-rc23" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dpg2-7xtb-xyh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19897?format=api", "vulnerability_id": "VCID-gcpx-jqtm-q7a4", "summary": "SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value\nA vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw.\n\nThis flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42169", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32035" }, { "reference_url": "https://docs.sixlabors.com/articles/imagesharp/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:24:51Z/" } ], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html" }, { "reference_url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:24:51Z/" } ], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" }, { "reference_url": "https://github.com/SixLabors/ImageSharp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/SixLabors/ImageSharp" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:24:51Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:24:51Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32035", "reference_id": "CVE-2024-32035", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32035" }, { "reference_url": "https://github.com/advisories/GHSA-g85r-6x2q-45w7", "reference_id": "GHSA-g85r-6x2q-45w7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g85r-6x2q-45w7" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7", "reference_id": "GHSA-g85r-6x2q-45w7", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:24:51Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68586?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@2.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47jb-w584-ske8" }, { "vulnerability": "VCID-8nsc-3jyq-aqf3" }, { "vulnerability": "VCID-dpg2-7xtb-xyh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@2.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/68587?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47jb-w584-ske8" }, { "vulnerability": "VCID-8nsc-3jyq-aqf3" }, { "vulnerability": "VCID-dpg2-7xtb-xyh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@3.1.4" } ], "aliases": [ "CVE-2024-32035", "GHSA-g85r-6x2q-45w7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcpx-jqtm-q7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19893?format=api", "vulnerability_id": "VCID-ycje-anar-kfcy", "summary": "SixLabors.ImageSharp vulnerable to data leakage\nA data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32036", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61632", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32036" }, { "reference_url": "https://github.com/SixLabors/ImageSharp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/SixLabors/ImageSharp" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:48:40Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:48:40Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32036", "reference_id": "CVE-2024-32036", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32036" }, { "reference_url": "https://github.com/advisories/GHSA-5x7m-6737-26cr", "reference_id": "GHSA-5x7m-6737-26cr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5x7m-6737-26cr" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr", "reference_id": "GHSA-5x7m-6737-26cr", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:48:40Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68586?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@2.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47jb-w584-ske8" }, { "vulnerability": "VCID-8nsc-3jyq-aqf3" }, { "vulnerability": "VCID-dpg2-7xtb-xyh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@2.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/68587?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47jb-w584-ske8" }, { "vulnerability": "VCID-8nsc-3jyq-aqf3" }, { "vulnerability": "VCID-dpg2-7xtb-xyh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@3.1.4" } ], "aliases": [ "CVE-2024-32036", "GHSA-5x7m-6737-26cr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ycje-anar-kfcy" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19610?format=api", "vulnerability_id": "VCID-mxmw-k9mg-tkgh", "summary": "Use After Free in SixLabors.ImageSharp\n### Impact\nA heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure.\n\n### Patches\nThe problem has been patched. All users are advised to upgrade to v3.1.3 or v2.1.7.\n\n### Workarounds\nNone\n\n### References\nNone", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17959", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27929" }, { "reference_url": "https://github.com/SixLabors/ImageSharp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/SixLabors/ImageSharp" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/pull/2688", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/SixLabors/ImageSharp/pull/2688" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27929", "reference_id": "CVE-2024-27929", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27929" }, { "reference_url": "https://github.com/advisories/GHSA-65x7-c272-7g7r", "reference_id": "GHSA-65x7-c272-7g7r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65x7-c272-7g7r" }, { "reference_url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r", "reference_id": "GHSA-65x7-c272-7g7r", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-06T16:16:14Z/" } ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68056?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@2.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47jb-w584-ske8" }, { "vulnerability": "VCID-8nsc-3jyq-aqf3" }, { "vulnerability": "VCID-dpg2-7xtb-xyh8" }, { "vulnerability": "VCID-gcpx-jqtm-q7a4" }, { "vulnerability": "VCID-ycje-anar-kfcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@2.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/68055?format=api", "purl": "pkg:nuget/SixLabors.ImageSharp@3.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47jb-w584-ske8" }, { "vulnerability": "VCID-8nsc-3jyq-aqf3" }, { "vulnerability": "VCID-dpg2-7xtb-xyh8" }, { "vulnerability": "VCID-gcpx-jqtm-q7a4" }, { "vulnerability": "VCID-ycje-anar-kfcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@3.1.3" } ], "aliases": [ "CVE-2024-27929", "GHSA-65x7-c272-7g7r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxmw-k9mg-tkgh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/SixLabors.ImageSharp@2.1.7" }