Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:golang/golang.org/x/crypto@0.45.0

Type golang

Namespace golang.org/x

Name crypto

Version 0.45.0

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-hu5a-ewvg-6ya7

vulnerability_id VCID-hu5a-ewvg-6ya7

summary

golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47914.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47914.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47914

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01345
published_at	2026-04-21T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0127
published_at	2026-04-18T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01357
published_at	2026-04-26T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01352
published_at	2026-04-24T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02667
published_at	2026-04-29T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05652
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05716
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05689
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05659
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05637
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05682
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05688
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05695
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05618
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47914

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47914
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47914

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://go.dev/cl/721960

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/

url

https://go.dev/cl/721960

reference_url

https://go.dev/issue/76364

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/

url

https://go.dev/issue/76364

reference_url

https://go.googlesource.com/crypto

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.googlesource.com/crypto

reference_url

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/

url

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-47914

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-47914

reference_url

https://pkg.go.dev/vuln/GO-2025-4135

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/

url

https://pkg.go.dev/vuln/GO-2025-4135

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121091
reference_id	1121091
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121091

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2416000
reference_id	2416000
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2416000

reference_url	https://access.redhat.com/errata/RHSA-2026:6503
reference_id	RHSA-2026:6503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6503

fixed_packages

url	pkg:golang/golang.org/x/crypto@0.45.0
purl	pkg:golang/golang.org/x/crypto@0.45.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/golang.org/x/crypto@0.45.0

aliases CVE-2025-47914, GHSA-f6x5-jh6r-wrfv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hu5a-ewvg-6ya7

url VCID-jwxs-gteb-kfg5

vulnerability_id VCID-jwxs-gteb-kfg5

summary

golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58181.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58181.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-58181

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.0881
published_at	2026-04-21T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11172
published_at	2026-04-26T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11214
published_at	2026-04-24T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11149
published_at	2026-04-18T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13874
published_at	2026-04-29T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25089
published_at	2026-04-09T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25009
published_at	2026-04-13T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25063
published_at	2026-04-12T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25205
published_at	2026-04-04T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24975
published_at	2026-04-07T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25044
published_at	2026-04-08T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25103
published_at	2026-04-11T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25163
published_at	2026-04-02T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25018
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-58181

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://go.dev/cl/721961

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/

url

https://go.dev/cl/721961

reference_url

https://go.dev/issue/76363

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/

url

https://go.dev/issue/76363

reference_url

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/

url

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-58181

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-58181

reference_url

https://pkg.go.dev/vuln/GO-2025-4134

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/

url

https://pkg.go.dev/vuln/GO-2025-4134

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121092
reference_id	1121092
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121092

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2415997
reference_id	2415997
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2415997

reference_url	https://access.redhat.com/errata/RHSA-2026:6503
reference_id	RHSA-2026:6503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6503

reference_url	https://usn.ubuntu.com/7956-1/
reference_id	USN-7956-1
reference_type
scores
url	https://usn.ubuntu.com/7956-1/

fixed_packages

url	pkg:golang/golang.org/x/crypto@0.45.0
purl	pkg:golang/golang.org/x/crypto@0.45.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/golang.org/x/crypto@0.45.0

aliases CVE-2025-58181, GHSA-j5w8-q4qc-rx2x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwxs-gteb-kfg5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:golang/golang.org/x/crypto@0.45.0

Package Instance