Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/87345?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/87345?format=api", "purl": "pkg:rpm/redhat/ceph@2:18.2.1-381?arch=el8cp", "type": "rpm", "namespace": "redhat", "name": "ceph", "version": "2:18.2.1-381", "qualifiers": { "arch": "el8cp" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64960?format=api", "vulnerability_id": "VCID-18bk-met9-qfc9", "summary": "pybind: Improper use of Pybind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31884.json" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126573", "reference_id": "1126573", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126573" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389907", "reference_id": "2389907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2711", "reference_id": "RHSA-2026:2711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2800", "reference_id": "RHSA-2026:2800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2800" }, { "reference_url": "https://usn.ubuntu.com/8045-1/", "reference_id": "USN-8045-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8045-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2024-31884" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18bk-met9-qfc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66482?format=api", "vulnerability_id": "VCID-1yz5-m9s7-nqdm", "summary": "rgw: RGW DoS attack with empty HTTP header in S3 object copy", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47866.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47866.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40424", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40541", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40504", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40484", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40532", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.405", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41399", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43642", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43629", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43654", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43591", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47866" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47866", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47866" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120797", "reference_id": "1120797", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120797" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392386", "reference_id": "2392386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392386" }, { "reference_url": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8", "reference_id": "GHSA-mgrm-g92q-f8h8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-11T15:29:41Z/" } ], "url": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8" }, { "reference_url": "https://usn.ubuntu.com/8045-1/", "reference_id": "USN-8045-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8045-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2024-47866" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1yz5-m9s7-nqdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48833?format=api", "vulnerability_id": "VCID-864e-hkby-qfh6", "summary": "Arbitrary Code Execution in underscore\nThe package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23358.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23358.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.7788", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77848", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77853", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77767", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77818", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77835", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77809", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77804", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77777", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77793", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77855", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.7776", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77819", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358" }, { "reference_url": "http://seclists.org/fulldisclosure/2025/Apr/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2025/Apr/14" }, { "reference_url": "https://github.com/jashkenas/underscore", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jashkenas/underscore" }, { "reference_url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71" }, { "reference_url": "https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66" }, { "reference_url": "https://github.com/jashkenas/underscore/pull/2917", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jashkenas/underscore/pull/2917" }, { "reference_url": "https://github.com/jashkenas/underscore/releases/tag/1.12.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jashkenas/underscore/releases/tag/1.12.1" }, { "reference_url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240808-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240808-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241108-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241108-0002" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4883", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4883" }, { "reference_url": "https://www.npmjs.com/package/underscore", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/package/underscore" }, { "reference_url": "https://www.tenable.com/security/tns-2021-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://www.tenable.com/security/tns-2021-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286", "reference_id": "1944286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986171", "reference_id": "986171", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986171" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/", "reference_id": "EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/", "reference_id": "FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T15:48:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/" }, { "reference_url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq", "reference_id": "GHSA-cf4h-3jhx-xvhq", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1448", "reference_id": "RHSA-2021:1448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2865", "reference_id": "RHSA-2021:2865", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6393", "reference_id": "RHSA-2022:6393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6393" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3406", "reference_id": "RHSA-2026:3406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3406" }, { "reference_url": "https://usn.ubuntu.com/4913-1/", "reference_id": "USN-4913-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4913-1/" }, { "reference_url": "https://usn.ubuntu.com/4913-2/", "reference_id": "USN-4913-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4913-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-23358", "GHSA-cf4h-3jhx-xvhq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-864e-hkby-qfh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26996?format=api", "vulnerability_id": "VCID-h8nr-tcb7-93em", "summary": "Cross-site Scripting (XSS) in serialize-javascript\nA flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2025:0304", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2025:0304" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0381", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:0381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10853", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:10853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1334", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1468", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:1468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21068", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21203", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3870", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3870" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4511", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8059", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8078", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8233", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8479", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8512", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8544", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8551", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9294", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1536", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:1536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2769", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:2769" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11831.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-11831", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-11831" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00938", "scoring_system": "epss", "scoring_elements": "0.7623", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01098", "scoring_system": "epss", "scoring_elements": "0.78041", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01098", "scoring_system": "epss", "scoring_elements": "0.78015", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01098", "scoring_system": "epss", "scoring_elements": "0.78056", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01098", "scoring_system": "epss", "scoring_elements": "0.78058", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01098", "scoring_system": "epss", "scoring_elements": "0.78022", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01098", "scoring_system": "epss", "scoring_elements": "0.78024", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01129", "scoring_system": "epss", "scoring_elements": "0.7829", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01129", "scoring_system": "epss", "scoring_elements": "0.78259", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01129", "scoring_system": "epss", "scoring_elements": "0.78297", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01129", "scoring_system": "epss", "scoring_elements": "0.78271", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11831" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312579", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312579" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/yahoo/serialize-javascript", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yahoo/serialize-javascript" }, { "reference_url": "https://github.com/yahoo/serialize-javascript/commit/7f3ac252d86b802454cb43782820aea2e0f6dc25", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yahoo/serialize-javascript/commit/7f3ac252d86b802454cb43782820aea2e0f6dc25" }, { "reference_url": "https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e" }, { "reference_url": "https://github.com/yahoo/serialize-javascript/pull/173", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://github.com/yahoo/serialize-javascript/pull/173" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11831", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11831" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095767", "reference_id": "1095767", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095767" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:acm:2", "reference_id": "cpe:/a:redhat:acm:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:acm:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4", "reference_id": "cpe:/a:redhat:advanced_cluster_security:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.4::el8", "reference_id": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.5::el8", "reference_id": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.5::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2", "reference_id": "cpe:/a:redhat:ansible_automation_platform:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4", "reference_id": "cpe:/a:redhat:apache_camel_hawtio:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7", "reference_id": "cpe:/a:redhat:ceph_storage:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7.1::el8", "reference_id": "cpe:/a:redhat:ceph_storage:7.1::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7.1::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7.1::el9", "reference_id": "cpe:/a:redhat:ceph_storage:7.1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7.1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8", "reference_id": "cpe:/a:redhat:ceph_storage:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8.1::el9", "reference_id": "cpe:/a:redhat:ceph_storage:8.1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8.1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8::el9", "reference_id": "cpe:/a:redhat:ceph_storage:8::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9", "reference_id": "cpe:/a:redhat:ceph_storage:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9.0::el10", "reference_id": "cpe:/a:redhat:ceph_storage:9.0::el10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9.0::el10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9.0::el9", "reference_id": "cpe:/a:redhat:ceph_storage:9.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cryostat:3", "reference_id": "cpe:/a:redhat:cryostat:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cryostat:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1", "reference_id": "cpe:/a:redhat:discovery:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1", "reference_id": "cpe:/a:redhat:integration:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5", "reference_id": "cpe:/a:redhat:logging:5", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_virtualization:2", "reference_id": "cpe:/a:redhat:migration_toolkit_virtualization:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11", "reference_id": "cpe:/a:redhat:openshift:3.11", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ai", "reference_id": "cpe:/a:redhat:openshift_ai", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ai" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.14::el9", "reference_id": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.15::el9", "reference_id": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.16::el9", "reference_id": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.17::el9", "reference_id": "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.18::el9", "reference_id": "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_devspaces:3", "reference_id": "cpe:/a:redhat:openshift_devspaces:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_devspaces:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_distributed_tracing:3", "reference_id": "cpe:/a:redhat:openshift_distributed_tracing:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_distributed_tracing:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_lightspeed", "reference_id": "cpe:/a:redhat:openshift_lightspeed", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_lightspeed" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1", "reference_id": "cpe:/a:redhat:openshift_pipelines:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.14::el8", "reference_id": "cpe:/a:redhat:openshift_pipelines:1.14::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.14::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.15::el8", "reference_id": "cpe:/a:redhat:openshift_pipelines:1.15::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.15::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.16::el8", "reference_id": "cpe:/a:redhat:openshift_pipelines:1.16::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.16::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.17::el8", "reference_id": "cpe:/a:redhat:openshift_pipelines:1.17::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.17::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.18::el9", "reference_id": "cpe:/a:redhat:openshift_pipelines:1.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.19::el9", "reference_id": "cpe:/a:redhat:openshift_pipelines:1.19::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.19::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6", "reference_id": "cpe:/a:redhat:optaplanner:::el6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quay:3", "reference_id": "cpe:/a:redhat:quay:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quay:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_3scale_amp:2", "reference_id": "cpe:/a:redhat:red_hat_3scale_amp:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_3scale_amp:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1", "reference_id": "cpe:/a:redhat:rhdh:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_dotnet:6.0", "reference_id": "cpe:/a:redhat:rhel_dotnet:6.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_dotnet:6.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6", "reference_id": "cpe:/a:redhat:satellite:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1", "reference_id": "cpe:/a:redhat:serverless:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_mesh:2", "reference_id": "cpe:/a:redhat:service_mesh:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_mesh:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_profile_analyzer:1", "reference_id": "cpe:/a:redhat:trusted_profile_analyzer:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_profile_analyzer:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://github.com/advisories/GHSA-76p7-773f-r4q5", "reference_id": "GHSA-76p7-773f-r4q5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76p7-773f-r4q5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8568", "reference_id": "RHSA-2026:8568", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8568" } ], "fixed_packages": [], "aliases": [ "CVE-2024-11831", "GHSA-76p7-773f-r4q5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8nr-tcb7-93em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66412?format=api", "vulnerability_id": "VCID-hay4-q9m3-ekdj", "summary": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61729.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61729.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0591", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06307", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0614", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06124", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06204", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06195", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0619", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06181", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06141", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06153", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121847", "reference_id": "1121847", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121847" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121848", "reference_id": "1121848", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121848" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "reference_id": "2418462", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462" }, { "reference_url": "https://go.dev/cl/725920", "reference_id": "725920", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:52:36Z/" } ], "url": "https://go.dev/cl/725920" }, { "reference_url": "https://go.dev/issue/76445", "reference_id": "76445", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:52:36Z/" } ], "url": "https://go.dev/issue/76445" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "reference_id": "8FJoBkPddm4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:52:36Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-4155", "reference_id": "GO-2025-4155", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:52:36Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-4155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0921", "reference_id": "RHSA-2026:0921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0922", "reference_id": "RHSA-2026:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0923", "reference_id": "RHSA-2026:0923", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0923" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0981", "reference_id": "RHSA-2026:0981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0990", "reference_id": "RHSA-2026:0990", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0990" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1018", "reference_id": "RHSA-2026:1018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10225", "reference_id": "RHSA-2026:10225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10250", "reference_id": "RHSA-2026:10250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1038", "reference_id": "RHSA-2026:1038", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1042", "reference_id": "RHSA-2026:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1166", "reference_id": "RHSA-2026:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1168", "reference_id": "RHSA-2026:1168", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1168" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1249", "reference_id": "RHSA-2026:1249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1344", "reference_id": "RHSA-2026:1344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1416", "reference_id": "RHSA-2026:1416", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1416" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1431", "reference_id": "RHSA-2026:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1497", "reference_id": "RHSA-2026:1497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1506", "reference_id": "RHSA-2026:1506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1517", "reference_id": "RHSA-2026:1517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1518", "reference_id": "RHSA-2026:1518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1715", "reference_id": "RHSA-2026:1715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1715" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1813", "reference_id": "RHSA-2026:1813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1814", "reference_id": "RHSA-2026:1814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1845", "reference_id": "RHSA-2026:1845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1896", "reference_id": "RHSA-2026:1896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1907", "reference_id": "RHSA-2026:1907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1908", "reference_id": "RHSA-2026:1908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1908" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1938", "reference_id": "RHSA-2026:1938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1942", "reference_id": "RHSA-2026:1942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2123", "reference_id": "RHSA-2026:2123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2124", "reference_id": "RHSA-2026:2124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2133", "reference_id": "RHSA-2026:2133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2136", "reference_id": "RHSA-2026:2136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2138", "reference_id": "RHSA-2026:2138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2144", "reference_id": "RHSA-2026:2144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2146", "reference_id": "RHSA-2026:2146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2147", "reference_id": "RHSA-2026:2147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2148", "reference_id": "RHSA-2026:2148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2149", "reference_id": "RHSA-2026:2149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2201", "reference_id": "RHSA-2026:2201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2217", "reference_id": "RHSA-2026:2217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2218", "reference_id": "RHSA-2026:2218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2219", "reference_id": "RHSA-2026:2219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2223", "reference_id": "RHSA-2026:2223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2265", "reference_id": "RHSA-2026:2265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2320", "reference_id": "RHSA-2026:2320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2323", "reference_id": "RHSA-2026:2323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2334", "reference_id": "RHSA-2026:2334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2343", "reference_id": "RHSA-2026:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2367", "reference_id": "RHSA-2026:2367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2371", "reference_id": "RHSA-2026:2371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2374", "reference_id": "RHSA-2026:2374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2375", "reference_id": "RHSA-2026:2375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2376", "reference_id": "RHSA-2026:2376", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2376" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2441", "reference_id": "RHSA-2026:2441", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2441" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2454", "reference_id": "RHSA-2026:2454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2456", "reference_id": "RHSA-2026:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2571", "reference_id": "RHSA-2026:2571", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2571" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2654", "reference_id": "RHSA-2026:2654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2675", "reference_id": "RHSA-2026:2675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2681", "reference_id": "RHSA-2026:2681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2754", "reference_id": "RHSA-2026:2754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2762", "reference_id": "RHSA-2026:2762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2762" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2914", "reference_id": "RHSA-2026:2914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2920", "reference_id": "RHSA-2026:2920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2921", "reference_id": "RHSA-2026:2921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2922", "reference_id": "RHSA-2026:2922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2926", "reference_id": "RHSA-2026:2926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2927", "reference_id": "RHSA-2026:2927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2951", "reference_id": "RHSA-2026:2951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3035", "reference_id": "RHSA-2026:3035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3040", "reference_id": "RHSA-2026:3040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3053", "reference_id": "RHSA-2026:3053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3087", "reference_id": "RHSA-2026:3087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3104", "reference_id": "RHSA-2026:3104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3107", "reference_id": "RHSA-2026:3107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3108", "reference_id": "RHSA-2026:3108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3111", "reference_id": "RHSA-2026:3111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3184", "reference_id": "RHSA-2026:3184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3287", "reference_id": "RHSA-2026:3287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3288", "reference_id": "RHSA-2026:3288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3289", "reference_id": "RHSA-2026:3289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3291", "reference_id": "RHSA-2026:3291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3296", "reference_id": "RHSA-2026:3296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3297", "reference_id": "RHSA-2026:3297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3298", "reference_id": "RHSA-2026:3298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3336", "reference_id": "RHSA-2026:3336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3337", "reference_id": "RHSA-2026:3337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3340", "reference_id": "RHSA-2026:3340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3341", "reference_id": "RHSA-2026:3341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3343", "reference_id": "RHSA-2026:3343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3428", "reference_id": "RHSA-2026:3428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3459", "reference_id": "RHSA-2026:3459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3506", "reference_id": "RHSA-2026:3506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3713", "reference_id": "RHSA-2026:3713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3752", "reference_id": "RHSA-2026:3752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3753", "reference_id": "RHSA-2026:3753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3782", "reference_id": "RHSA-2026:3782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3812", "reference_id": "RHSA-2026:3812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3815", "reference_id": "RHSA-2026:3815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3816", "reference_id": "RHSA-2026:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3817", "reference_id": "RHSA-2026:3817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3818", "reference_id": "RHSA-2026:3818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3820", "reference_id": "RHSA-2026:3820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3821", "reference_id": "RHSA-2026:3821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3822", "reference_id": "RHSA-2026:3822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3827", "reference_id": "RHSA-2026:3827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3831", "reference_id": "RHSA-2026:3831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3831" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3833", "reference_id": "RHSA-2026:3833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3835", "reference_id": "RHSA-2026:3835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3836", "reference_id": "RHSA-2026:3836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3838", "reference_id": "RHSA-2026:3838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3839", "reference_id": "RHSA-2026:3839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3840", "reference_id": "RHSA-2026:3840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3841", "reference_id": "RHSA-2026:3841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3843", "reference_id": "RHSA-2026:3843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3854", "reference_id": "RHSA-2026:3854", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3864", "reference_id": "RHSA-2026:3864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3879", "reference_id": "RHSA-2026:3879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3880", "reference_id": "RHSA-2026:3880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3884", "reference_id": "RHSA-2026:3884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3905", "reference_id": "RHSA-2026:3905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3928", "reference_id": "RHSA-2026:3928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3929", "reference_id": "RHSA-2026:3929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3930", "reference_id": "RHSA-2026:3930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3931", "reference_id": "RHSA-2026:3931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3932", "reference_id": "RHSA-2026:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3970", "reference_id": "RHSA-2026:3970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3971", "reference_id": "RHSA-2026:3971", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3971" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3972", "reference_id": "RHSA-2026:3972", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3972" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3973", "reference_id": "RHSA-2026:3973", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3973" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3974", "reference_id": "RHSA-2026:3974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4164", "reference_id": "RHSA-2026:4164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4166", "reference_id": "RHSA-2026:4166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4185", "reference_id": "RHSA-2026:4185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4211", "reference_id": "RHSA-2026:4211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4215", "reference_id": "RHSA-2026:4215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4270", "reference_id": "RHSA-2026:4270", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4270" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4276", "reference_id": "RHSA-2026:4276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4434", "reference_id": "RHSA-2026:4434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4464", "reference_id": "RHSA-2026:4464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4466", "reference_id": "RHSA-2026:4466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4467", "reference_id": "RHSA-2026:4467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4498", "reference_id": "RHSA-2026:4498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4500", "reference_id": "RHSA-2026:4500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4510", "reference_id": "RHSA-2026:4510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4753", "reference_id": "RHSA-2026:4753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4892", "reference_id": "RHSA-2026:4892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4901", "reference_id": "RHSA-2026:4901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4907", "reference_id": "RHSA-2026:4907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4936", "reference_id": "RHSA-2026:4936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4939", "reference_id": "RHSA-2026:4939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4942", "reference_id": "RHSA-2026:4942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4952", "reference_id": "RHSA-2026:4952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5022", "reference_id": "RHSA-2026:5022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5030", "reference_id": "RHSA-2026:5030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5031", "reference_id": "RHSA-2026:5031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5076", "reference_id": "RHSA-2026:5076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5077", "reference_id": "RHSA-2026:5077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5078", "reference_id": "RHSA-2026:5078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5079", "reference_id": "RHSA-2026:5079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5110", "reference_id": "RHSA-2026:5110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5146", "reference_id": "RHSA-2026:5146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5327", "reference_id": "RHSA-2026:5327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5394", "reference_id": "RHSA-2026:5394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5394" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5461", "reference_id": "RHSA-2026:5461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5533", "reference_id": "RHSA-2026:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5544", "reference_id": "RHSA-2026:5544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5636", "reference_id": "RHSA-2026:5636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5645", "reference_id": "RHSA-2026:5645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5807", "reference_id": "RHSA-2026:5807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5851", "reference_id": "RHSA-2026:5851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5852", "reference_id": "RHSA-2026:5852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5853", "reference_id": "RHSA-2026:5853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5866", "reference_id": "RHSA-2026:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6184", "reference_id": "RHSA-2026:6184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6192", "reference_id": "RHSA-2026:6192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6226", "reference_id": "RHSA-2026:6226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6428", "reference_id": "RHSA-2026:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6568", "reference_id": "RHSA-2026:6568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7052", "reference_id": "RHSA-2026:7052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7676", "reference_id": "RHSA-2026:7676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7854", "reference_id": "RHSA-2026:7854", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7942", "reference_id": "RHSA-2026:7942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8151", "reference_id": "RHSA-2026:8151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8167", "reference_id": "RHSA-2026:8167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8218", "reference_id": "RHSA-2026:8218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8337", "reference_id": "RHSA-2026:8337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8338", "reference_id": "RHSA-2026:8338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8433", "reference_id": "RHSA-2026:8433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9097", "reference_id": "RHSA-2026:9097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9098", "reference_id": "RHSA-2026:9098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9108", "reference_id": "RHSA-2026:9108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9109", "reference_id": "RHSA-2026:9109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9848", "reference_id": "RHSA-2026:9848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9848" } ], "fixed_packages": [], "aliases": [ "CVE-2025-61729" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hay4-q9m3-ekdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9083?format=api", "vulnerability_id": "VCID-qb4z-jzem-myee", "summary": "In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34749.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66904", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66879", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66813", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66896", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66849", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66882", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66862", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66815", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.6684", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34749" }, { "reference_url": "https://github.com/advisories/GHSA-fw3v-x4f2-v673", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw3v-x4f2-v673" }, { "reference_url": "https://github.com/lepture/mistune", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/lepture/mistune" }, { "reference_url": "https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2" }, { "reference_url": "https://github.com/lepture/mistune/commit/ca1e7b506850f4e488823fc7338b49a8f9852718", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/lepture/mistune/commit/ca1e7b506850f4e488823fc7338b49a8f9852718" }, { "reference_url": "https://github.com/lepture/mistune/issues/314#issuecomment-1223972386", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/lepture/mistune/issues/314#issuecomment-1223972386" }, { "reference_url": "https://github.com/lepture/mistune/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/lepture/mistune/releases" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mistune/PYSEC-2022-237.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mistune/PYSEC-2022-237.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQHXITQ2DSBYOILKHXBSBB7PFBPZHF63", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQHXITQ2DSBYOILKHXBSBB7PFBPZHF63" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34749", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34749" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016089", "reference_id": "1016089", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016089" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112230", "reference_id": "2112230", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2711", "reference_id": "RHSA-2026:2711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" } ], "fixed_packages": [], "aliases": [ "CVE-2022-34749", "GHSA-fw3v-x4f2-v673", "PYSEC-2022-237" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qb4z-jzem-myee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17062?format=api", "vulnerability_id": "VCID-qp47-aewx-wufh", "summary": "Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations\n### Summary\n\nUnclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens.\n\n### Fix\n\nWe have back-ported the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release.\n\n### Workaround \n\nWe are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.\n\n```Go\ntoken, err := /* jwt.Parse or similar */\nif token.Valid {\n\tfmt.Println(\"You look nice today\")\n} else if errors.Is(err, jwt.ErrTokenMalformed) {\n\tfmt.Println(\"That's not even a token\")\n} else if errors.Is(err, jwt.ErrTokenUnverifiable) {\n\tfmt.Println(\"We could not verify this token\")\n} else if errors.Is(err, jwt.ErrTokenSignatureInvalid) {\n\tfmt.Println(\"This token has an invalid signature\")\n} else if errors.Is(err, jwt.ErrTokenExpired) || errors.Is(err, jwt.ErrTokenNotValidYet) {\n\t// Token is either expired or not active yet\n\tfmt.Println(\"Timing is everything\")\n} else {\n\tfmt.Println(\"Couldn't handle this token:\", err)\n}\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51744.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51744.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18779", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18761", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18749", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18799", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1885", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18892", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18984", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19036", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1876", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18841", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51744" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/golang-jwt/jwt", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/golang-jwt/jwt" }, { "reference_url": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T16:11:29Z/" } ], "url": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c" }, { "reference_url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T16:11:29Z/" } ], "url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086792", "reference_id": "1086792", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086792" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323735", "reference_id": "2323735", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11351", "reference_id": "RHSA-2025:11351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3406", "reference_id": "RHSA-2026:3406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3406" } ], "fixed_packages": [], "aliases": [ "CVE-2024-51744", "GHSA-29wx-vh33-7x7r" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp47-aewx-wufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68988?format=api", "vulnerability_id": "VCID-r1ah-c6z7-vyen", "summary": "ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52555.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52555.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05524", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05705", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0562", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05591", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05584", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05532", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05542", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05559", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05558", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52555" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108410", "reference_id": "1108410", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108410" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374412", "reference_id": "2374412", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374412" }, { "reference_url": "https://github.com/ceph/ceph/pull/60314", "reference_id": "60314", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T20:40:04Z/" } ], "url": "https://github.com/ceph/ceph/pull/60314" }, { "reference_url": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm", "reference_id": "GHSA-89hm-qq33-2fjm", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T20:40:04Z/" } ], "url": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm" } ], "fixed_packages": [], "aliases": [ "CVE-2025-52555" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1ah-c6z7-vyen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14920?format=api", "vulnerability_id": "VCID-s6f3-3mxh-ekfr", "summary": "Predictable results in nanoid generation when given non-integer values\nWhen nanoid is called with a fractional value, there were a number of undesirable effects:\n\n1. in browser and non-secure, the code infinite loops on while (size--)\n2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled\n3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nVersion 3.3.8 and 5.0.9 are fixed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55565.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55565.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2886", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29078", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28931", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28907", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28997", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28955", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28887", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29028", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28906", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565" }, { "reference_url": "https://github.com/ai/nanoid", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ai/nanoid" }, { "reference_url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/" } ], "url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8" }, { "reference_url": "https://github.com/ai/nanoid/pull/510", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/" } ], "url": "https://github.com/ai/nanoid/pull/510" }, { "reference_url": "https://github.com/ai/nanoid/releases/tag/5.0.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/" } ], "url": "https://github.com/ai/nanoid/releases/tag/5.0.9" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063", "reference_id": "2331063", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063" }, { "reference_url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55", "reference_id": "GHSA-mwcw-c2x4-8c55", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10990", "reference_id": "RHSA-2024:10990", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10990" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0079", "reference_id": "RHSA-2025:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0082", "reference_id": "RHSA-2025:0082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0340", "reference_id": "RHSA-2025:0340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0654", "reference_id": "RHSA-2025:0654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0723", "reference_id": "RHSA-2025:0723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0778", "reference_id": "RHSA-2025:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0785", "reference_id": "RHSA-2025:0785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0851", "reference_id": "RHSA-2025:0851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0875", "reference_id": "RHSA-2025:0875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0892", "reference_id": "RHSA-2025:0892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1051", "reference_id": "RHSA-2025:1051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1448", "reference_id": "RHSA-2025:1448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2652", "reference_id": "RHSA-2025:2652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3368", "reference_id": "RHSA-2025:3368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3374", "reference_id": "RHSA-2025:3374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3397", "reference_id": "RHSA-2025:3397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3406", "reference_id": "RHSA-2026:3406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3406" } ], "fixed_packages": [], "aliases": [ "CVE-2024-55565", "GHSA-mwcw-c2x4-8c55" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6f3-3mxh-ekfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66475?format=api", "vulnerability_id": "VCID-sty6-gwh1-hbcy", "summary": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47913.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01899", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02274", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02031", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02017", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02039", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02044", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11824", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11611", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11696", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11751", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47913" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943", "reference_id": "2414943", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943" }, { "reference_url": "https://go.dev/cl/700295", "reference_id": "700295", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/" } ], "url": "https://go.dev/cl/700295" }, { "reference_url": "https://go.dev/issue/75178", "reference_id": "75178", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/" } ], "url": "https://go.dev/issue/75178" }, { "reference_url": "https://github.com/advisories/GHSA-56w8-48fp-6mgv", "reference_id": "GHSA-56w8-48fp-6mgv", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/" } ], "url": "https://github.com/advisories/GHSA-56w8-48fp-6mgv" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-4116", "reference_id": "GO-2025-4116", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-4116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22743", "reference_id": "RHSA-2025:22743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22955", "reference_id": "RHSA-2025:22955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23028", "reference_id": "RHSA-2025:23028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23059", "reference_id": "RHSA-2025:23059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23060", "reference_id": "RHSA-2025:23060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23061", "reference_id": "RHSA-2025:23061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23064", "reference_id": "RHSA-2025:23064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23176", "reference_id": "RHSA-2025:23176", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23531", "reference_id": "RHSA-2025:23531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23546", "reference_id": "RHSA-2025:23546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0436", "reference_id": "RHSA-2026:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0437", "reference_id": "RHSA-2026:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0470", "reference_id": "RHSA-2026:0470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0527", "reference_id": "RHSA-2026:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0545", "reference_id": "RHSA-2026:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0753", "reference_id": "RHSA-2026:0753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1018", "reference_id": "RHSA-2026:1018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1084", "reference_id": "RHSA-2026:1084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1942", "reference_id": "RHSA-2026:1942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2136", "reference_id": "RHSA-2026:2136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2454", "reference_id": "RHSA-2026:2454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2922", "reference_id": "RHSA-2026:2922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3122", "reference_id": "RHSA-2026:3122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3827", "reference_id": "RHSA-2026:3827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4215", "reference_id": "RHSA-2026:4215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4532", "reference_id": "RHSA-2026:4532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4693", "reference_id": "RHSA-2026:4693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5167", "reference_id": "RHSA-2026:5167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5222", "reference_id": "RHSA-2026:5222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6503", "reference_id": "RHSA-2026:6503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8325", "reference_id": "RHSA-2026:8325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8325" } ], "fixed_packages": [], "aliases": [ "CVE-2025-47913" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sty6-gwh1-hbcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26923?format=api", "vulnerability_id": "VCID-vzq7-t235-ukd5", "summary": "DOMPurify allows Cross-site Scripting (XSS)\nDOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFE_FOR_TEMPLATES is set to true, sometimes leading to mutation cross-site scripting (mXSS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26791.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26791.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26791", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26497", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26426", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26455", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26427", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26552", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26546", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26506", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26935", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37796", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37771", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26791" }, { "reference_url": "https://ensy.zip/posts/dompurify-323-bypass", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ensy.zip/posts/dompurify-323-bypass" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/cure53/DOMPurify", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cure53/DOMPurify" }, { "reference_url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:30:30Z/" } ], "url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02" }, { "reference_url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:30:30Z/" } ], "url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4" }, { "reference_url": "https://nsysean.github.io/posts/dompurify-323-bypass", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nsysean.github.io/posts/dompurify-323-bypass" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098325", "reference_id": "1098325", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098325" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695", "reference_id": "2345695", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695" }, { "reference_url": "https://ensy.zip/posts/dompurify-323-bypass/", "reference_id": "dompurify-323-bypass", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:30:30Z/" } ], "url": "https://ensy.zip/posts/dompurify-323-bypass/" }, { "reference_url": "https://nsysean.github.io/posts/dompurify-323-bypass/", "reference_id": "dompurify-323-bypass", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:30:30Z/" } ], "url": "https://nsysean.github.io/posts/dompurify-323-bypass/" }, { "reference_url": "https://github.com/advisories/GHSA-vhxf-7vqr-mrjg", "reference_id": "GHSA-vhxf-7vqr-mrjg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vhxf-7vqr-mrjg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10020", "reference_id": "RHSA-2025:10020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1875", "reference_id": "RHSA-2025:1875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2518", "reference_id": "RHSA-2025:2518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3368", "reference_id": "RHSA-2025:3368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3397", "reference_id": "RHSA-2025:3397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3886", "reference_id": "RHSA-2025:3886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7626", "reference_id": "RHSA-2025:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3406", "reference_id": "RHSA-2026:3406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3406" } ], "fixed_packages": [], "aliases": [ "CVE-2025-26791", "GHSA-vhxf-7vqr-mrjg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzq7-t235-ukd5" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph@2:18.2.1-381%3Farch=el8cp" }