Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

Type ebuild

Namespace dev-lang

Name python

Version 3.12.0_alpha1_p2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.12.1

Latest_non_vulnerable_version 3.14.0_beta2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4gsg-5e6s-63g4

vulnerability_id VCID-4gsg-5e6s-63g4

summary Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28861.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28861.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28861

reference_id

reference_type

scores

value	0.01395
scoring_system	epss
scoring_elements	0.80333
published_at	2026-04-01T12:55:00Z

value	0.01395
scoring_system	epss
scoring_elements	0.8034
published_at	2026-04-02T12:55:00Z

value	0.01395
scoring_system	epss
scoring_elements	0.8036
published_at	2026-04-04T12:55:00Z

value	0.01395
scoring_system	epss
scoring_elements	0.80392
published_at	2026-04-12T12:55:00Z

value	0.01395
scoring_system	epss
scoring_elements	0.80407
published_at	2026-04-11T12:55:00Z

value	0.01395
scoring_system	epss
scoring_elements	0.80388
published_at	2026-04-09T12:55:00Z

value	0.01395
scoring_system	epss
scoring_elements	0.80378
published_at	2026-04-08T12:55:00Z

value	0.01395
scoring_system	epss
scoring_elements	0.80349
published_at	2026-04-07T12:55:00Z

value	0.01395
scoring_system	epss
scoring_elements	0.80415
published_at	2026-04-18T12:55:00Z

value	0.01395
scoring_system	epss
scoring_elements	0.80414
published_at	2026-04-16T12:55:00Z

value	0.01395
scoring_system	epss
scoring_elements	0.80385
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28861

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2120642
reference_id	2120642
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2120642

reference_url

https://github.com/python/cpython/pull/24848

reference_id

24848

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://github.com/python/cpython/pull/24848

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/

reference_id

2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/

reference_id

5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/

reference_id

5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/

reference_url

https://github.com/python/cpython/pull/93879

reference_id

93879

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://github.com/python/cpython/pull/93879

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/

reference_id

DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/

reference_id

HPX4XHT2FGVQYLY2STT2MRVENILNZTTU

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/

reference_id

I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/

reference_id

IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/

reference_url

https://bugs.python.org/issue43223

reference_id

issue43223

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://bugs.python.org/issue43223

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/

reference_id

KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/

reference_id

OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/

reference_id

QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/

reference_url	https://access.redhat.com/errata/RHSA-2022:6766
reference_id	RHSA-2022:6766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6766

reference_url	https://access.redhat.com/errata/RHSA-2022:8353
reference_id	RHSA-2022:8353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8353

reference_url	https://access.redhat.com/errata/RHSA-2023:0833
reference_id	RHSA-2023:0833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0833

reference_url	https://access.redhat.com/errata/RHSA-2023:2763
reference_id	RHSA-2023:2763
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2763

reference_url	https://access.redhat.com/errata/RHSA-2023:2764
reference_id	RHSA-2023:2764
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2764

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/

reference_id

S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/

reference_id

TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/

reference_url	https://usn.ubuntu.com/5629-1/
reference_id	USN-5629-1
reference_type
scores
url	https://usn.ubuntu.com/5629-1/

reference_url	https://usn.ubuntu.com/5888-1/
reference_id	USN-5888-1
reference_type
scores
url	https://usn.ubuntu.com/5888-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/

reference_id

WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/

reference_id

X46T4EFTIBXZRYTGASBDEZGYJINH2OWV

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-17T01:59:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.15_p3
purl	pkg:ebuild/dev-lang/python@3.8.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.15_p3

url	pkg:ebuild/dev-lang/python@3.9.15_p3
purl	pkg:ebuild/dev-lang/python@3.9.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.15_p3

url	pkg:ebuild/dev-lang/python@3.10.8_p3
purl	pkg:ebuild/dev-lang/python@3.10.8_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.8_p3

url	pkg:ebuild/dev-lang/python@3.11.0_p2
purl	pkg:ebuild/dev-lang/python@3.11.0_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.0_p2

url	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
purl	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

aliases CVE-2021-28861

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gsg-5e6s-63g4

url VCID-a8mv-mr3q-vygz

vulnerability_id VCID-a8mv-mr3q-vygz

summary Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42919.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42919.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42919

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.09956
published_at	2026-04-02T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.0998
published_at	2026-04-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10002
published_at	2026-04-12T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10042
published_at	2026-04-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10026
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09978
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10004
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09902
published_at	2026-04-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11444
published_at	2026-04-18T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11443
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42919

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2138705
reference_id	2138705
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2138705

reference_url

https://github.com/python/cpython/issues/97514

reference_id

97514

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://github.com/python/cpython/issues/97514

reference_url

https://github.com/python/cpython/issues/97514#issuecomment-1310277840

reference_id

97514#issuecomment-1310277840

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://github.com/python/cpython/issues/97514#issuecomment-1310277840

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU/

reference_id

FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU/

reference_url

https://security.netapp.com/advisory/ntap-20221209-0006/

reference_id

ntap-20221209-0006

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://security.netapp.com/advisory/ntap-20221209-0006/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH/

reference_id

P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PI5DYIED6U26BGX5IRZWNCP6TY4M2ZGZ/

reference_id

PI5DYIED6U26BGX5IRZWNCP6TY4M2ZGZ

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PI5DYIED6U26BGX5IRZWNCP6TY4M2ZGZ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/

reference_id

QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6KGIRHSENZ4QAB234Z36HVIDTRJ3MFI/

reference_id

R6KGIRHSENZ4QAB234Z36HVIDTRJ3MFI

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6KGIRHSENZ4QAB234Z36HVIDTRJ3MFI/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/

reference_id

RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/

reference_url	https://access.redhat.com/errata/RHSA-2022:8492
reference_id	RHSA-2022:8492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8492

reference_url	https://access.redhat.com/errata/RHSA-2022:8493
reference_id	RHSA-2022:8493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8493

reference_url	https://usn.ubuntu.com/5713-1/
reference_id	USN-5713-1
reference_type
scores
url	https://usn.ubuntu.com/5713-1/

reference_url	https://usn.ubuntu.com/5888-1/
reference_id	USN-5888-1
reference_type
scores
url	https://usn.ubuntu.com/5888-1/

reference_url	https://usn.ubuntu.com/6891-1/
reference_id	USN-6891-1
reference_type
scores
url	https://usn.ubuntu.com/6891-1/

reference_url

https://github.com/python/cpython/compare/v3.10.8...v3.10.9

reference_id

v3.10.8...v3.10.9

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://github.com/python/cpython/compare/v3.10.8...v3.10.9

reference_url

https://github.com/python/cpython/compare/v3.9.15...v3.9.16

reference_id

v3.9.15...v3.9.16

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://github.com/python/cpython/compare/v3.9.15...v3.9.16

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCRKBB5Y5EWTJUNC7LK665WO64DDXSTN/

reference_id

VCRKBB5Y5EWTJUNC7LK665WO64DDXSTN

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCRKBB5Y5EWTJUNC7LK665WO64DDXSTN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XX6LLAXGZVZ327REY6MDZRMMP47LJ53P/

reference_id

XX6LLAXGZVZ327REY6MDZRMMP47LJ53P

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:38:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XX6LLAXGZVZ327REY6MDZRMMP47LJ53P/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.15_p3
purl	pkg:ebuild/dev-lang/python@3.8.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.15_p3

url	pkg:ebuild/dev-lang/python@3.9.15_p3
purl	pkg:ebuild/dev-lang/python@3.9.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.15_p3

url	pkg:ebuild/dev-lang/python@3.10.8_p3
purl	pkg:ebuild/dev-lang/python@3.10.8_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.8_p3

url	pkg:ebuild/dev-lang/python@3.11.0_p2
purl	pkg:ebuild/dev-lang/python@3.11.0_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.0_p2

url	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
purl	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

aliases CVE-2022-42919

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8mv-mr3q-vygz

url VCID-bqp2-x383-xqfh

vulnerability_id VCID-bqp2-x383-xqfh

summary Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-20107.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-20107.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-20107

reference_id

reference_type

scores

value	0.00905
scoring_system	epss
scoring_elements	0.75672
published_at	2026-04-01T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.75675
published_at	2026-04-02T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.75706
published_at	2026-04-04T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.75685
published_at	2026-04-07T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.75719
published_at	2026-04-08T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.7573
published_at	2026-04-09T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.75754
published_at	2026-04-11T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.75735
published_at	2026-04-12T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.75729
published_at	2026-04-13T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.75767
published_at	2026-04-16T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.7577
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-20107

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2075390
reference_id	2075390
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2075390

reference_url	https://access.redhat.com/errata/RHSA-2022:6457
reference_id	RHSA-2022:6457
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6457

reference_url	https://access.redhat.com/errata/RHSA-2022:6766
reference_id	RHSA-2022:6766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6766

reference_url	https://access.redhat.com/errata/RHSA-2022:7581
reference_id	RHSA-2022:7581
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7581

reference_url	https://access.redhat.com/errata/RHSA-2022:7592
reference_id	RHSA-2022:7592
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7592

reference_url	https://access.redhat.com/errata/RHSA-2022:7593
reference_id	RHSA-2022:7593
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7593

reference_url	https://access.redhat.com/errata/RHSA-2022:8353
reference_id	RHSA-2022:8353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8353

reference_url	https://usn.ubuntu.com/5519-1/
reference_id	USN-5519-1
reference_type
scores
url	https://usn.ubuntu.com/5519-1/

reference_url	https://usn.ubuntu.com/5888-1/
reference_id	USN-5888-1
reference_type
scores
url	https://usn.ubuntu.com/5888-1/

reference_url	https://usn.ubuntu.com/6891-1/
reference_id	USN-6891-1
reference_type
scores
url	https://usn.ubuntu.com/6891-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.15_p3
purl	pkg:ebuild/dev-lang/python@3.8.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.15_p3

url	pkg:ebuild/dev-lang/python@3.9.15_p3
purl	pkg:ebuild/dev-lang/python@3.9.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.15_p3

url	pkg:ebuild/dev-lang/python@3.10.8_p3
purl	pkg:ebuild/dev-lang/python@3.10.8_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.8_p3

url	pkg:ebuild/dev-lang/python@3.11.0_p2
purl	pkg:ebuild/dev-lang/python@3.11.0_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.0_p2

url	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
purl	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

aliases CVE-2015-20107

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqp2-x383-xqfh

url VCID-ewbq-2gm8-tyf5

vulnerability_id VCID-ewbq-2gm8-tyf5

summary

Buffer overflow in sponge queue functions
### Impact

The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more.

### Patches

Yes, see commit [fdc6fef0](https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a).

### Workarounds

The problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether.

### References

See [issue #105](https://github.com/XKCP/XKCP/issues/105) for more details.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37454.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37454.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-37454

reference_id

reference_type

scores

value	0.01329
scoring_system	epss
scoring_elements	0.79943
published_at	2026-04-12T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.7996
published_at	2026-04-11T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79935
published_at	2026-04-13T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79894
published_at	2026-04-02T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79915
published_at	2026-04-04T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79903
published_at	2026-04-07T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79931
published_at	2026-04-08T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.7994
published_at	2026-04-09T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80446
published_at	2026-04-18T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80444
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-37454

reference_url

https://csrc.nist.gov/projects/hash-functions/sha-3-project

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://csrc.nist.gov/projects/hash-functions/sha-3-project

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454

reference_url

https://eprint.iacr.org/2023/331

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://eprint.iacr.org/2023/331

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312

reference_url

https://github.com/johanns/sha3/issues/17

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/johanns/sha3/issues/17

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml

reference_url

https://github.com/tiran/pysha3/issues/29

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/tiran/pysha3/issues/29

reference_url

https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a

reference_url

https://github.com/XKCP/XKCP/issues/105

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/XKCP/XKCP/issues/105

reference_url

https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/

reference_url

https://mouha.be/sha-3-buffer-overflow

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://mouha.be/sha-3-buffer-overflow

reference_url

https://mouha.be/sha-3-buffer-overflow/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://mouha.be/sha-3-buffer-overflow/

reference_url

https://news.ycombinator.com/item?id=33281106

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://news.ycombinator.com/item?id=33281106

reference_url

https://news.ycombinator.com/item?id=35050307

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://news.ycombinator.com/item?id=35050307

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-37454

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-37454

reference_url

https://security.gentoo.org/glsa/202305-02

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://security.gentoo.org/glsa/202305-02

reference_url

https://www.debian.org/security/2022/dsa-5267

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://www.debian.org/security/2022/dsa-5267

reference_url

https://www.debian.org/security/2022/dsa-5269

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/

url

https://www.debian.org/security/2022/dsa-5269

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023030
reference_id	1023030
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023030

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2140200
reference_id	2140200
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2140200

reference_url

https://github.com/advisories/GHSA-6w4m-2xhg-2658

reference_id

GHSA-6w4m-2xhg-2658

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6w4m-2xhg-2658

reference_url	https://security.gentoo.org/glsa/202211-03
reference_id	GLSA-202211-03
reference_type
scores
url	https://security.gentoo.org/glsa/202211-03

reference_url	https://access.redhat.com/errata/RHSA-2023:0848
reference_id	RHSA-2023:0848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0848

reference_url	https://access.redhat.com/errata/RHSA-2023:0965
reference_id	RHSA-2023:0965
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0965

reference_url	https://access.redhat.com/errata/RHSA-2023:2417
reference_id	RHSA-2023:2417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2417

reference_url	https://access.redhat.com/errata/RHSA-2023:2903
reference_id	RHSA-2023:2903
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2903

reference_url	https://usn.ubuntu.com/5717-1/
reference_id	USN-5717-1
reference_type
scores
url	https://usn.ubuntu.com/5717-1/

reference_url	https://usn.ubuntu.com/5767-1/
reference_id	USN-5767-1
reference_type
scores
url	https://usn.ubuntu.com/5767-1/

reference_url	https://usn.ubuntu.com/5767-3/
reference_id	USN-5767-3
reference_type
scores
url	https://usn.ubuntu.com/5767-3/

reference_url	https://usn.ubuntu.com/5888-1/
reference_id	USN-5888-1
reference_type
scores
url	https://usn.ubuntu.com/5888-1/

reference_url	https://usn.ubuntu.com/5930-1/
reference_id	USN-5930-1
reference_type
scores
url	https://usn.ubuntu.com/5930-1/

reference_url	https://usn.ubuntu.com/5931-1/
reference_id	USN-5931-1
reference_type
scores
url	https://usn.ubuntu.com/5931-1/

reference_url	https://usn.ubuntu.com/6524-1/
reference_id	USN-6524-1
reference_type
scores
url	https://usn.ubuntu.com/6524-1/

reference_url	https://usn.ubuntu.com/6525-1/
reference_id	USN-6525-1
reference_type
scores
url	https://usn.ubuntu.com/6525-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.15_p3
purl	pkg:ebuild/dev-lang/python@3.8.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.15_p3

url	pkg:ebuild/dev-lang/python@3.9.15_p3
purl	pkg:ebuild/dev-lang/python@3.9.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.15_p3

url	pkg:ebuild/dev-lang/python@3.10.8_p3
purl	pkg:ebuild/dev-lang/python@3.10.8_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.8_p3

url	pkg:ebuild/dev-lang/python@3.11.0_p2
purl	pkg:ebuild/dev-lang/python@3.11.0_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.0_p2

url	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
purl	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

aliases CVE-2022-37454, GHSA-6w4m-2xhg-2658

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewbq-2gm8-tyf5

url VCID-pu6r-vafw-gfe4

vulnerability_id VCID-pu6r-vafw-gfe4

summary The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28363.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28363.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28363

reference_id

reference_type

scores

value	0.00107
scoring_system	epss
scoring_elements	0.28801
published_at	2026-04-18T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28825
published_at	2026-04-16T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28804
published_at	2026-04-13T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28853
published_at	2026-04-12T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28897
published_at	2026-04-11T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28891
published_at	2026-04-09T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28851
published_at	2026-04-08T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28783
published_at	2026-04-07T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28976
published_at	2026-04-04T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28927
published_at	2026-04-02T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2885
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28363

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-59.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-59.yaml

reference_url

https://github.com/pypa/advisory-db/tree/main/vulns/urllib3/PYSEC-2021-59.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-db/tree/main/vulns/urllib3/PYSEC-2021-59.yaml

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15

reference_url

https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0

reference_url

https://github.com/urllib3/urllib3/commits/main

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commits/main

reference_url

https://github.com/urllib3/urllib3/releases/tag/1.26.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/releases/tag/1.26.4

reference_url

https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28363

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28363

reference_url

https://pypi.org/project/urllib3/1.26.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/urllib3/1.26.4

reference_url	https://pypi.org/project/urllib3/1.26.4/
reference_id
reference_type
scores
url	https://pypi.org/project/urllib3/1.26.4/

reference_url

https://security.gentoo.org/glsa/202107-36

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202107-36

reference_url

https://security.gentoo.org/glsa/202305-02

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202305-02

reference_url

https://security.netapp.com/advisory/ntap-20240621-0007

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0007

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1945136
reference_id	1945136
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1945136

reference_url

https://security.archlinux.org/AVG-1691

reference_id

AVG-1691

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1691

reference_url

https://github.com/advisories/GHSA-5phf-pp7p-vc2r

reference_id

GHSA-5phf-pp7p-vc2r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5phf-pp7p-vc2r

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.15_p3
purl	pkg:ebuild/dev-lang/python@3.8.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.15_p3

url	pkg:ebuild/dev-lang/python@3.9.15_p3
purl	pkg:ebuild/dev-lang/python@3.9.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.15_p3

url	pkg:ebuild/dev-lang/python@3.10.8_p3
purl	pkg:ebuild/dev-lang/python@3.10.8_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.8_p3

url	pkg:ebuild/dev-lang/python@3.11.0_p2
purl	pkg:ebuild/dev-lang/python@3.11.0_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.0_p2

url	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
purl	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

aliases CVE-2021-28363, GHSA-5phf-pp7p-vc2r, PYSEC-2021-59

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pu6r-vafw-gfe4

url VCID-qqh6-evfk-1fgy

vulnerability_id VCID-qqh6-evfk-1fgy

summary Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45061.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45061.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-45061

reference_id

reference_type

scores

value	0.00109
scoring_system	epss
scoring_elements	0.29338
published_at	2026-04-02T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29264
published_at	2026-04-08T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.292
published_at	2026-04-07T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29209
published_at	2026-04-13T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29262
published_at	2026-04-12T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29308
published_at	2026-04-11T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29304
published_at	2026-04-09T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29236
published_at	2026-04-16T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29387
published_at	2026-04-04T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31557
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-45061

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2144072
reference_id	2144072
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2144072

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/

reference_id

2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/

reference_id

35YDIWCUMWTMDBWFRAVENFH6BLB65D6S

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/

reference_id

4WBZJNSALFGMPYTINIF57HAAK46U72WQ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/

reference_id

63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/

reference_id

7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/

reference_url

https://github.com/python/cpython/issues/98433

reference_id

98433

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://github.com/python/cpython/issues/98433

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/

reference_id

B3YI6JYARWU6GULWOHNUROSACT54XFFS

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/

reference_id

B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/

reference_id

BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/

reference_id

GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/

reference_id

IN26PWZTYG6IF3APLRXQJBVACQHZUPT2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/

reference_id

JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/

reference_id

JTYVESWVBPD57ZJC35G5722Q6TS37WSB

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/

reference_id

KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/

reference_id

LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/

reference_url

https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

reference_id

msg00024.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

reference_id

msg00039.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

reference_url

https://security.netapp.com/advisory/ntap-20221209-0007/

reference_id

ntap-20221209-0007

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://security.netapp.com/advisory/ntap-20221209-0007/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/

reference_id

O67LRHDTJWH544KXB6KY4HMHQLYDXFPK

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/

reference_id

ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/

reference_id

PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/

reference_id

QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/

reference_id

QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/

reference_id

RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/

reference_id

RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/

reference_url	https://access.redhat.com/errata/RHSA-2023:0833
reference_id	RHSA-2023:0833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0833

reference_url	https://access.redhat.com/errata/RHSA-2023:0953
reference_id	RHSA-2023:0953
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0953

reference_url	https://access.redhat.com/errata/RHSA-2023:2763
reference_id	RHSA-2023:2763
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2763

reference_url	https://access.redhat.com/errata/RHSA-2023:2764
reference_id	RHSA-2023:2764
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2764

reference_url	https://access.redhat.com/errata/RHSA-2023:2860
reference_id	RHSA-2023:2860
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2860

reference_url	https://access.redhat.com/errata/RHSA-2023:6793
reference_id	RHSA-2023:6793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6793

reference_url	https://access.redhat.com/errata/RHSA-2024:0430
reference_id	RHSA-2024:0430
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0430

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/

reference_id

RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/

reference_id

T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/

reference_id

UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/

reference_url	https://usn.ubuntu.com/5767-1/
reference_id	USN-5767-1
reference_type
scores
url	https://usn.ubuntu.com/5767-1/

reference_url	https://usn.ubuntu.com/5767-2/
reference_id	USN-5767-2
reference_type
scores
url	https://usn.ubuntu.com/5767-2/

reference_url	https://usn.ubuntu.com/5888-1/
reference_id	USN-5888-1
reference_type
scores
url	https://usn.ubuntu.com/5888-1/

reference_url	https://usn.ubuntu.com/6891-1/
reference_id	USN-6891-1
reference_type
scores
url	https://usn.ubuntu.com/6891-1/

reference_url	https://usn.ubuntu.com/7212-1/
reference_id	USN-7212-1
reference_type
scores
url	https://usn.ubuntu.com/7212-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/

reference_id

VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/

reference_id

X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/

reference_id

XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/

reference_id

YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/

reference_id

ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:24:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.15_p3
purl	pkg:ebuild/dev-lang/python@3.8.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.15_p3

url	pkg:ebuild/dev-lang/python@3.9.15_p3
purl	pkg:ebuild/dev-lang/python@3.9.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.15_p3

url	pkg:ebuild/dev-lang/python@3.10.8_p3
purl	pkg:ebuild/dev-lang/python@3.10.8_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.8_p3

url	pkg:ebuild/dev-lang/python@3.11.0_p2
purl	pkg:ebuild/dev-lang/python@3.11.0_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.0_p2

url	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
purl	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

aliases CVE-2022-45061

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqh6-evfk-1fgy

url VCID-vpwj-d49q-1uh8

vulnerability_id VCID-vpwj-d49q-1uh8

summary Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0391.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0391.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0391

reference_id

reference_type

scores

value	0.01317
scoring_system	epss
scoring_elements	0.79807
published_at	2026-04-01T12:55:00Z

value	0.01317
scoring_system	epss
scoring_elements	0.79865
published_at	2026-04-12T12:55:00Z

value	0.01317
scoring_system	epss
scoring_elements	0.79815
published_at	2026-04-02T12:55:00Z

value	0.01317
scoring_system	epss
scoring_elements	0.79886
published_at	2026-04-18T12:55:00Z

value	0.01317
scoring_system	epss
scoring_elements	0.79885
published_at	2026-04-16T12:55:00Z

value	0.01317
scoring_system	epss
scoring_elements	0.79857
published_at	2026-04-13T12:55:00Z

value	0.01317
scoring_system	epss
scoring_elements	0.79835
published_at	2026-04-04T12:55:00Z

value	0.01317
scoring_system	epss
scoring_elements	0.79823
published_at	2026-04-07T12:55:00Z

value	0.01317
scoring_system	epss
scoring_elements	0.79852
published_at	2026-04-08T12:55:00Z

value	0.01317
scoring_system	epss
scoring_elements	0.7986
published_at	2026-04-09T12:55:00Z

value	0.01317
scoring_system	epss
scoring_elements	0.79882
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0391

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2047376
reference_id	2047376
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2047376

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/

reference_id

CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T20:58:36Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/

reference_url

https://bugs.python.org/issue43882

reference_id

issue43882

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T20:58:36Z/

url

https://bugs.python.org/issue43882

reference_url

https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html

reference_id

msg00022.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T20:58:36Z/

url

https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html

reference_url

https://security.netapp.com/advisory/ntap-20220225-0009/

reference_id

ntap-20220225-0009

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T20:58:36Z/

url

https://security.netapp.com/advisory/ntap-20220225-0009/

reference_url	https://access.redhat.com/errata/RHSA-2022:1663
reference_id	RHSA-2022:1663
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1663

reference_url	https://access.redhat.com/errata/RHSA-2022:1764
reference_id	RHSA-2022:1764
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1764

reference_url	https://access.redhat.com/errata/RHSA-2022:1821
reference_id	RHSA-2022:1821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1821

reference_url	https://access.redhat.com/errata/RHSA-2022:6457
reference_id	RHSA-2022:6457
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6457

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/

reference_id

UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T20:58:36Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/

reference_url	https://usn.ubuntu.com/5342-1/
reference_id	USN-5342-1
reference_type
scores
url	https://usn.ubuntu.com/5342-1/

reference_url	https://usn.ubuntu.com/6891-1/
reference_id	USN-6891-1
reference_type
scores
url	https://usn.ubuntu.com/6891-1/

reference_url	https://usn.ubuntu.com/USN-5342-2/
reference_id	USN-USN-5342-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5342-2/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.15_p3
purl	pkg:ebuild/dev-lang/python@3.8.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.15_p3

url	pkg:ebuild/dev-lang/python@3.9.15_p3
purl	pkg:ebuild/dev-lang/python@3.9.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.15_p3

url	pkg:ebuild/dev-lang/python@3.10.8_p3
purl	pkg:ebuild/dev-lang/python@3.10.8_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.8_p3

url	pkg:ebuild/dev-lang/python@3.11.0_p2
purl	pkg:ebuild/dev-lang/python@3.11.0_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.0_p2

url	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
purl	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

aliases CVE-2022-0391

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpwj-d49q-1uh8

url VCID-z48d-eyxz-bycq

vulnerability_id VCID-z48d-eyxz-bycq

summary Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29921.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29921.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-29921

reference_id

reference_type

scores

value	0.02048
scoring_system	epss
scoring_elements	0.83792
published_at	2026-04-01T12:55:00Z

value	0.02048
scoring_system	epss
scoring_elements	0.83891
published_at	2026-04-18T12:55:00Z

value	0.02048
scoring_system	epss
scoring_elements	0.83857
published_at	2026-04-13T12:55:00Z

value	0.02048
scoring_system	epss
scoring_elements	0.8389
published_at	2026-04-16T12:55:00Z

value	0.02048
scoring_system	epss
scoring_elements	0.83805
published_at	2026-04-02T12:55:00Z

value	0.02048
scoring_system	epss
scoring_elements	0.83819
published_at	2026-04-04T12:55:00Z

value	0.02048
scoring_system	epss
scoring_elements	0.83821
published_at	2026-04-07T12:55:00Z

value	0.02048
scoring_system	epss
scoring_elements	0.83845
published_at	2026-04-08T12:55:00Z

value	0.02048
scoring_system	epss
scoring_elements	0.83851
published_at	2026-04-09T12:55:00Z

value	0.02048
scoring_system	epss
scoring_elements	0.83868
published_at	2026-04-11T12:55:00Z

value	0.02048
scoring_system	epss
scoring_elements	0.83862
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-29921

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1957458
reference_id	1957458
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1957458

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989195
reference_id	989195
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989195

reference_url

https://security.archlinux.org/AVG-1913

reference_id

AVG-1913

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1913

reference_url	https://access.redhat.com/errata/RHSA-2021:4160
reference_id	RHSA-2021:4160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4160

reference_url	https://access.redhat.com/errata/RHSA-2021:4162
reference_id	RHSA-2021:4162
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4162

reference_url	https://usn.ubuntu.com/4973-1/
reference_id	USN-4973-1
reference_type
scores
url	https://usn.ubuntu.com/4973-1/

reference_url	https://usn.ubuntu.com/4973-2/
reference_id	USN-4973-2
reference_type
scores
url	https://usn.ubuntu.com/4973-2/

reference_url	https://usn.ubuntu.com/6891-1/
reference_id	USN-6891-1
reference_type
scores
url	https://usn.ubuntu.com/6891-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.15_p3
purl	pkg:ebuild/dev-lang/python@3.8.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.15_p3

url	pkg:ebuild/dev-lang/python@3.9.15_p3
purl	pkg:ebuild/dev-lang/python@3.9.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.15_p3

url	pkg:ebuild/dev-lang/python@3.10.8_p3
purl	pkg:ebuild/dev-lang/python@3.10.8_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.8_p3

url	pkg:ebuild/dev-lang/python@3.11.0_p2
purl	pkg:ebuild/dev-lang/python@3.11.0_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.0_p2

url	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
purl	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

aliases CVE-2021-29921

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z48d-eyxz-bycq

url VCID-zwuz-pgjz-rkb9

vulnerability_id VCID-zwuz-pgjz-rkb9

summary

URL Redirection to Untrusted Site ('Open Redirect')
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3654

reference_id

reference_type

scores

value	0.87234
scoring_system	epss
scoring_elements	0.99452
published_at	2026-04-18T12:55:00Z

value	0.87248
scoring_system	epss
scoring_elements	0.99446
published_at	2026-04-07T12:55:00Z

value	0.87248
scoring_system	epss
scoring_elements	0.99453
published_at	2026-04-16T12:55:00Z

value	0.87248
scoring_system	epss
scoring_elements	0.9945
published_at	2026-04-13T12:55:00Z

value	0.87248
scoring_system	epss
scoring_elements	0.99449
published_at	2026-04-11T12:55:00Z

value	0.87248
scoring_system	epss
scoring_elements	0.99448
published_at	2026-04-09T12:55:00Z

value	0.87248
scoring_system	epss
scoring_elements	0.99445
published_at	2026-04-04T12:55:00Z

value	0.87248
scoring_system	epss
scoring_elements	0.99444
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3654

reference_url

https://bugs.launchpad.net/nova/+bug/1927677

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/nova/+bug/1927677

reference_url

https://bugs.python.org/issue32084

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.python.org/issue32084

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1961439

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1961439

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://opendev.org/openstack/nova

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/nova

reference_url

https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66

reference_url

https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb

reference_url

https://security.gentoo.org/glsa/202305-02

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202305-02

reference_url

https://security.openstack.org/ossa/OSSA-2021-002.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2021-002.html

reference_url

https://www.openwall.com/lists/oss-security/2021/07/29/2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2021/07/29/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441
reference_id	991441
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3654

reference_id

CVE-2021-3654

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3654

reference_url

https://github.com/advisories/GHSA-vqp6-j452-j6wp

reference_id

GHSA-vqp6-j452-j6wp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vqp6-j452-j6wp

reference_url	https://access.redhat.com/errata/RHSA-2022:0983
reference_id	RHSA-2022:0983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0983

reference_url	https://access.redhat.com/errata/RHSA-2022:0999
reference_id	RHSA-2022:0999
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0999

reference_url	https://usn.ubuntu.com/5866-1/
reference_id	USN-5866-1
reference_type
scores
url	https://usn.ubuntu.com/5866-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.15_p3
purl	pkg:ebuild/dev-lang/python@3.8.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.15_p3

url	pkg:ebuild/dev-lang/python@3.9.15_p3
purl	pkg:ebuild/dev-lang/python@3.9.15_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.15_p3

url	pkg:ebuild/dev-lang/python@3.10.8_p3
purl	pkg:ebuild/dev-lang/python@3.10.8_p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.8_p3

url	pkg:ebuild/dev-lang/python@3.11.0_p2
purl	pkg:ebuild/dev-lang/python@3.11.0_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.0_p2

url	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
purl	pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

aliases CVE-2021-3654, GHSA-vqp6-j452-j6wp

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwuz-pgjz-rkb9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.0_alpha1_p2

Package Instance