Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/ceph@2:20.1.0-144?arch=el10cp
Type rpm
Namespace redhat
Name ceph
Version 2:20.1.0-144
Qualifiers
arch el10cp
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-18bk-met9-qfc9
vulnerability_id VCID-18bk-met9-qfc9
summary pybind: Improper use of Pybind
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31884.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31884.json
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31884
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31884
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126573
reference_id 1126573
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126573
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2389907
reference_id 2389907
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2389907
5
reference_url https://access.redhat.com/errata/RHSA-2026:2711
reference_id RHSA-2026:2711
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2711
6
reference_url https://access.redhat.com/errata/RHSA-2026:2737
reference_id RHSA-2026:2737
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2737
7
reference_url https://access.redhat.com/errata/RHSA-2026:2800
reference_id RHSA-2026:2800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2800
8
reference_url https://usn.ubuntu.com/8045-1/
reference_id USN-8045-1
reference_type
scores
url https://usn.ubuntu.com/8045-1/
fixed_packages
aliases CVE-2024-31884
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18bk-met9-qfc9
1
url VCID-h8nr-tcb7-93em
vulnerability_id VCID-h8nr-tcb7-93em
summary
Cross-site Scripting (XSS) in serialize-javascript
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
references
0
reference_url https://access.redhat.com/errata/RHBA-2025:0304
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHBA-2025:0304
1
reference_url https://access.redhat.com/errata/RHSA-2025:0381
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:0381
2
reference_url https://access.redhat.com/errata/RHSA-2025:10853
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:10853
3
reference_url https://access.redhat.com/errata/RHSA-2025:1334
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:1334
4
reference_url https://access.redhat.com/errata/RHSA-2025:1468
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:1468
5
reference_url https://access.redhat.com/errata/RHSA-2025:21068
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:21068
6
reference_url https://access.redhat.com/errata/RHSA-2025:21203
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:21203
7
reference_url https://access.redhat.com/errata/RHSA-2025:3870
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:3870
8
reference_url https://access.redhat.com/errata/RHSA-2025:4511
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:4511
9
reference_url https://access.redhat.com/errata/RHSA-2025:8059
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:8059
10
reference_url https://access.redhat.com/errata/RHSA-2025:8078
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:8078
11
reference_url https://access.redhat.com/errata/RHSA-2025:8233
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:8233
12
reference_url https://access.redhat.com/errata/RHSA-2025:8479
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:8479
13
reference_url https://access.redhat.com/errata/RHSA-2025:8512
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:8512
14
reference_url https://access.redhat.com/errata/RHSA-2025:8544
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:8544
15
reference_url https://access.redhat.com/errata/RHSA-2025:8551
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:8551
16
reference_url https://access.redhat.com/errata/RHSA-2025:9294
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2025:9294
17
reference_url https://access.redhat.com/errata/RHSA-2026:1536
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2026:1536
18
reference_url https://access.redhat.com/errata/RHSA-2026:2769
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2026:2769
19
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11831.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11831.json
20
reference_url https://access.redhat.com/security/cve/CVE-2024-11831
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/security/cve/CVE-2024-11831
21
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-11831
reference_id
reference_type
scores
0
value 0.00938
scoring_system epss
scoring_elements 0.7623
published_at 2026-04-21T12:55:00Z
1
value 0.01098
scoring_system epss
scoring_elements 0.78041
published_at 2026-04-11T12:55:00Z
2
value 0.01098
scoring_system epss
scoring_elements 0.78015
published_at 2026-04-09T12:55:00Z
3
value 0.01098
scoring_system epss
scoring_elements 0.78056
published_at 2026-04-18T12:55:00Z
4
value 0.01098
scoring_system epss
scoring_elements 0.78058
published_at 2026-04-16T12:55:00Z
5
value 0.01098
scoring_system epss
scoring_elements 0.78022
published_at 2026-04-13T12:55:00Z
6
value 0.01098
scoring_system epss
scoring_elements 0.78024
published_at 2026-04-12T12:55:00Z
7
value 0.01129
scoring_system epss
scoring_elements 0.7829
published_at 2026-04-04T12:55:00Z
8
value 0.01129
scoring_system epss
scoring_elements 0.78259
published_at 2026-04-02T12:55:00Z
9
value 0.01129
scoring_system epss
scoring_elements 0.78297
published_at 2026-04-08T12:55:00Z
10
value 0.01129
scoring_system epss
scoring_elements 0.78271
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-11831
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2312579
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2312579
23
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
24
reference_url https://github.com/yahoo/serialize-javascript
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yahoo/serialize-javascript
25
reference_url https://github.com/yahoo/serialize-javascript/commit/7f3ac252d86b802454cb43782820aea2e0f6dc25
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yahoo/serialize-javascript/commit/7f3ac252d86b802454cb43782820aea2e0f6dc25
26
reference_url https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e
27
reference_url https://github.com/yahoo/serialize-javascript/pull/173
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://github.com/yahoo/serialize-javascript/pull/173
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-11831
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-11831
29
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095767
reference_id 1095767
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095767
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:acm:2
reference_id cpe:/a:redhat:acm:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:acm:2
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4
reference_id cpe:/a:redhat:advanced_cluster_security:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.4::el8
reference_id cpe:/a:redhat:advanced_cluster_security:4.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.4::el8
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.5::el8
reference_id cpe:/a:redhat:advanced_cluster_security:4.5::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.5::el8
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
reference_id cpe:/a:redhat:ansible_automation_platform:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7
reference_id cpe:/a:redhat:ceph_storage:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7.1::el8
reference_id cpe:/a:redhat:ceph_storage:7.1::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7.1::el8
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7.1::el9
reference_id cpe:/a:redhat:ceph_storage:7.1::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7.1::el9
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8
reference_id cpe:/a:redhat:ceph_storage:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8.1::el9
reference_id cpe:/a:redhat:ceph_storage:8.1::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8.1::el9
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8::el9
reference_id cpe:/a:redhat:ceph_storage:8::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8::el9
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9
reference_id cpe:/a:redhat:ceph_storage:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9.0::el10
reference_id cpe:/a:redhat:ceph_storage:9.0::el10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9.0::el10
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9.0::el9
reference_id cpe:/a:redhat:ceph_storage:9.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:9.0::el9
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cryostat:3
reference_id cpe:/a:redhat:cryostat:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cryostat:3
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1
reference_id cpe:/a:redhat:discovery:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
reference_id cpe:/a:redhat:enterprise_linux:8::crb
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
reference_id cpe:/a:redhat:enterprise_linux:9::crb
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5
reference_id cpe:/a:redhat:logging:5
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_virtualization:2
reference_id cpe:/a:redhat:migration_toolkit_virtualization:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_virtualization:2
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11
reference_id cpe:/a:redhat:openshift:3.11
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id cpe:/a:redhat:openshift:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ai
reference_id cpe:/a:redhat:openshift_ai
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ai
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.14::el9
reference_id cpe:/a:redhat:openshift_data_foundation:4.14::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.14::el9
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.15::el9
reference_id cpe:/a:redhat:openshift_data_foundation:4.15::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.15::el9
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.16::el9
reference_id cpe:/a:redhat:openshift_data_foundation:4.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.16::el9
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.17::el9
reference_id cpe:/a:redhat:openshift_data_foundation:4.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.17::el9
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.18::el9
reference_id cpe:/a:redhat:openshift_data_foundation:4.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.18::el9
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_devspaces:3
reference_id cpe:/a:redhat:openshift_devspaces:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_devspaces:3
69
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_distributed_tracing:3
reference_id cpe:/a:redhat:openshift_distributed_tracing:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_distributed_tracing:3
70
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_lightspeed
reference_id cpe:/a:redhat:openshift_lightspeed
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_lightspeed
71
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1
reference_id cpe:/a:redhat:openshift_pipelines:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1
72
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.14::el8
reference_id cpe:/a:redhat:openshift_pipelines:1.14::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.14::el8
73
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.15::el8
reference_id cpe:/a:redhat:openshift_pipelines:1.15::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.15::el8
74
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.16::el8
reference_id cpe:/a:redhat:openshift_pipelines:1.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.16::el8
75
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.17::el8
reference_id cpe:/a:redhat:openshift_pipelines:1.17::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.17::el8
76
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.18::el9
reference_id cpe:/a:redhat:openshift_pipelines:1.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.18::el9
77
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.19::el9
reference_id cpe:/a:redhat:openshift_pipelines:1.19::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_pipelines:1.19::el9
78
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6
reference_id cpe:/a:redhat:optaplanner:::el6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6
79
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quay:3
reference_id cpe:/a:redhat:quay:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quay:3
80
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_3scale_amp:2
reference_id cpe:/a:redhat:red_hat_3scale_amp:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_3scale_amp:2
81
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
82
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1
reference_id cpe:/a:redhat:rhdh:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1
83
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_dotnet:6.0
reference_id cpe:/a:redhat:rhel_dotnet:6.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_dotnet:6.0
84
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
85
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id cpe:/a:redhat:serverless:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
86
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_mesh:2
reference_id cpe:/a:redhat:service_mesh:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_mesh:2
87
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id cpe:/a:redhat:service_registry:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
88
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_profile_analyzer:1
reference_id cpe:/a:redhat:trusted_profile_analyzer:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_profile_analyzer:1
89
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
90
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
91
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
92
reference_url https://github.com/advisories/GHSA-76p7-773f-r4q5
reference_id GHSA-76p7-773f-r4q5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76p7-773f-r4q5
93
reference_url https://access.redhat.com/errata/RHSA-2026:8568
reference_id RHSA-2026:8568
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:08:31Z/
url https://access.redhat.com/errata/RHSA-2026:8568
fixed_packages
aliases CVE-2024-11831, GHSA-76p7-773f-r4q5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8nr-tcb7-93em
2
url VCID-r1ah-c6z7-vyen
vulnerability_id VCID-r1ah-c6z7-vyen
summary ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52555.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52555.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52555
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05524
published_at 2026-04-02T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05542
published_at 2026-04-18T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.05595
published_at 2026-04-08T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.0562
published_at 2026-04-09T12:55:00Z
4
value 0.00021
scoring_system epss
scoring_elements 0.05591
published_at 2026-04-12T12:55:00Z
5
value 0.00021
scoring_system epss
scoring_elements 0.05584
published_at 2026-04-13T12:55:00Z
6
value 0.00021
scoring_system epss
scoring_elements 0.05532
published_at 2026-04-16T12:55:00Z
7
value 0.00021
scoring_system epss
scoring_elements 0.05559
published_at 2026-04-04T12:55:00Z
8
value 0.00021
scoring_system epss
scoring_elements 0.05558
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52555
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52555
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52555
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108410
reference_id 1108410
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108410
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2374412
reference_id 2374412
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2374412
6
reference_url https://github.com/ceph/ceph/pull/60314
reference_id 60314
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T20:40:04Z/
url https://github.com/ceph/ceph/pull/60314
7
reference_url https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm
reference_id GHSA-89hm-qq33-2fjm
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T20:40:04Z/
url https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm
fixed_packages
aliases CVE-2025-52555
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1ah-c6z7-vyen
3
url VCID-s5gr-zsbz-xkbe
vulnerability_id VCID-s5gr-zsbz-xkbe
summary
jwt-go allows excessive memory allocation during header parsing
### Summary

Function [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.

As a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)

### Details

See [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) 

### Impact

Excessive memory allocation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30204
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.2801
published_at 2026-04-18T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.28027
published_at 2026-04-16T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.28018
published_at 2026-04-13T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.28075
published_at 2026-04-12T12:55:00Z
4
value 0.00102
scoring_system epss
scoring_elements 0.28118
published_at 2026-04-11T12:55:00Z
5
value 0.00102
scoring_system epss
scoring_elements 0.28206
published_at 2026-04-04T12:55:00Z
6
value 0.00102
scoring_system epss
scoring_elements 0.28111
published_at 2026-04-09T12:55:00Z
7
value 0.00102
scoring_system epss
scoring_elements 0.28069
published_at 2026-04-08T12:55:00Z
8
value 0.00102
scoring_system epss
scoring_elements 0.28002
published_at 2026-04-07T12:55:00Z
9
value 0.00102
scoring_system epss
scoring_elements 0.28163
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30204
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/golang-jwt/jwt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/golang-jwt/jwt
4
reference_url https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/
url https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3
5
reference_url https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/
url https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb
6
reference_url https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/
url https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30204
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30204
8
reference_url https://security.netapp.com/advisory/ntap-20250404-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250404-0002
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2354195
reference_id 2354195
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2354195
10
reference_url https://access.redhat.com/errata/RHSA-2025:11396
reference_id RHSA-2025:11396
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11396
11
reference_url https://access.redhat.com/errata/RHSA-2025:11573
reference_id RHSA-2025:11573
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11573
12
reference_url https://access.redhat.com/errata/RHSA-2025:11669
reference_id RHSA-2025:11669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11669
13
reference_url https://access.redhat.com/errata/RHSA-2025:11749
reference_id RHSA-2025:11749
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11749
14
reference_url https://access.redhat.com/errata/RHSA-2025:13900
reference_id RHSA-2025:13900
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13900
15
reference_url https://access.redhat.com/errata/RHSA-2025:14048
reference_id RHSA-2025:14048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14048
16
reference_url https://access.redhat.com/errata/RHSA-2025:14855
reference_id RHSA-2025:14855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14855
17
reference_url https://access.redhat.com/errata/RHSA-2025:15332
reference_id RHSA-2025:15332
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15332
18
reference_url https://access.redhat.com/errata/RHSA-2025:15673
reference_id RHSA-2025:15673
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15673
19
reference_url https://access.redhat.com/errata/RHSA-2025:15872
reference_id RHSA-2025:15872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15872
20
reference_url https://access.redhat.com/errata/RHSA-2025:16101
reference_id RHSA-2025:16101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16101
21
reference_url https://access.redhat.com/errata/RHSA-2025:16595
reference_id RHSA-2025:16595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16595
22
reference_url https://access.redhat.com/errata/RHSA-2025:17671
reference_id RHSA-2025:17671
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17671
23
reference_url https://access.redhat.com/errata/RHSA-2025:18241
reference_id RHSA-2025:18241
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18241
24
reference_url https://access.redhat.com/errata/RHSA-2025:18242
reference_id RHSA-2025:18242
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18242
25
reference_url https://access.redhat.com/errata/RHSA-2025:23057
reference_id RHSA-2025:23057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23057
26
reference_url https://access.redhat.com/errata/RHSA-2025:23534
reference_id RHSA-2025:23534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23534
27
reference_url https://access.redhat.com/errata/RHSA-2025:23535
reference_id RHSA-2025:23535
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23535
28
reference_url https://access.redhat.com/errata/RHSA-2025:23916
reference_id RHSA-2025:23916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23916
29
reference_url https://access.redhat.com/errata/RHSA-2025:3344
reference_id RHSA-2025:3344
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3344
30
reference_url https://access.redhat.com/errata/RHSA-2025:3411
reference_id RHSA-2025:3411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3411
31
reference_url https://access.redhat.com/errata/RHSA-2025:3503
reference_id RHSA-2025:3503
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3503
32
reference_url https://access.redhat.com/errata/RHSA-2025:3565
reference_id RHSA-2025:3565
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3565
33
reference_url https://access.redhat.com/errata/RHSA-2025:3569
reference_id RHSA-2025:3569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3569
34
reference_url https://access.redhat.com/errata/RHSA-2025:3607
reference_id RHSA-2025:3607
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3607
35
reference_url https://access.redhat.com/errata/RHSA-2025:3616
reference_id RHSA-2025:3616
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3616
36
reference_url https://access.redhat.com/errata/RHSA-2025:3618
reference_id RHSA-2025:3618
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3618
37
reference_url https://access.redhat.com/errata/RHSA-2025:3698
reference_id RHSA-2025:3698
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3698
38
reference_url https://access.redhat.com/errata/RHSA-2025:3740
reference_id RHSA-2025:3740
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3740
39
reference_url https://access.redhat.com/errata/RHSA-2025:3743
reference_id RHSA-2025:3743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3743
40
reference_url https://access.redhat.com/errata/RHSA-2025:3775
reference_id RHSA-2025:3775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3775
41
reference_url https://access.redhat.com/errata/RHSA-2025:3790
reference_id RHSA-2025:3790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3790
42
reference_url https://access.redhat.com/errata/RHSA-2025:3808
reference_id RHSA-2025:3808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3808
43
reference_url https://access.redhat.com/errata/RHSA-2025:3811
reference_id RHSA-2025:3811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3811
44
reference_url https://access.redhat.com/errata/RHSA-2025:3813
reference_id RHSA-2025:3813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3813
45
reference_url https://access.redhat.com/errata/RHSA-2025:3814
reference_id RHSA-2025:3814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3814
46
reference_url https://access.redhat.com/errata/RHSA-2025:3820
reference_id RHSA-2025:3820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3820
47
reference_url https://access.redhat.com/errata/RHSA-2025:3905
reference_id RHSA-2025:3905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3905
48
reference_url https://access.redhat.com/errata/RHSA-2025:3906
reference_id RHSA-2025:3906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3906
49
reference_url https://access.redhat.com/errata/RHSA-2025:3907
reference_id RHSA-2025:3907
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3907
50
reference_url https://access.redhat.com/errata/RHSA-2025:3928
reference_id RHSA-2025:3928
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3928
51
reference_url https://access.redhat.com/errata/RHSA-2025:3929
reference_id RHSA-2025:3929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3929
52
reference_url https://access.redhat.com/errata/RHSA-2025:3930
reference_id RHSA-2025:3930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3930
53
reference_url https://access.redhat.com/errata/RHSA-2025:3993
reference_id RHSA-2025:3993
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3993
54
reference_url https://access.redhat.com/errata/RHSA-2025:4008
reference_id RHSA-2025:4008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4008
55
reference_url https://access.redhat.com/errata/RHSA-2025:4012
reference_id RHSA-2025:4012
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4012
56
reference_url https://access.redhat.com/errata/RHSA-2025:4019
reference_id RHSA-2025:4019
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4019
57
reference_url https://access.redhat.com/errata/RHSA-2025:4171
reference_id RHSA-2025:4171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4171
58
reference_url https://access.redhat.com/errata/RHSA-2025:4177
reference_id RHSA-2025:4177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4177
59
reference_url https://access.redhat.com/errata/RHSA-2025:4188
reference_id RHSA-2025:4188
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4188
60
reference_url https://access.redhat.com/errata/RHSA-2025:4204
reference_id RHSA-2025:4204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4204
61
reference_url https://access.redhat.com/errata/RHSA-2025:4250
reference_id RHSA-2025:4250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4250
62
reference_url https://access.redhat.com/errata/RHSA-2025:4409
reference_id RHSA-2025:4409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4409
63
reference_url https://access.redhat.com/errata/RHSA-2025:4422
reference_id RHSA-2025:4422
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4422
64
reference_url https://access.redhat.com/errata/RHSA-2025:4462
reference_id RHSA-2025:4462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4462
65
reference_url https://access.redhat.com/errata/RHSA-2025:4473
reference_id RHSA-2025:4473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4473
66
reference_url https://access.redhat.com/errata/RHSA-2025:4502
reference_id RHSA-2025:4502
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4502
67
reference_url https://access.redhat.com/errata/RHSA-2025:4569
reference_id RHSA-2025:4569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4569
68
reference_url https://access.redhat.com/errata/RHSA-2025:4666
reference_id RHSA-2025:4666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4666
69
reference_url https://access.redhat.com/errata/RHSA-2025:4669
reference_id RHSA-2025:4669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4669
70
reference_url https://access.redhat.com/errata/RHSA-2025:4677
reference_id RHSA-2025:4677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4677
71
reference_url https://access.redhat.com/errata/RHSA-2025:4810
reference_id RHSA-2025:4810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4810
72
reference_url https://access.redhat.com/errata/RHSA-2025:7404
reference_id RHSA-2025:7404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7404
73
reference_url https://access.redhat.com/errata/RHSA-2025:7407
reference_id RHSA-2025:7407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7407
74
reference_url https://access.redhat.com/errata/RHSA-2025:7425
reference_id RHSA-2025:7425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7425
75
reference_url https://access.redhat.com/errata/RHSA-2025:7475
reference_id RHSA-2025:7475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7475
76
reference_url https://access.redhat.com/errata/RHSA-2025:7479
reference_id RHSA-2025:7479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7479
77
reference_url https://access.redhat.com/errata/RHSA-2025:7503
reference_id RHSA-2025:7503
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7503
78
reference_url https://access.redhat.com/errata/RHSA-2025:7702
reference_id RHSA-2025:7702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7702
79
reference_url https://access.redhat.com/errata/RHSA-2025:7967
reference_id RHSA-2025:7967
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7967
80
reference_url https://access.redhat.com/errata/RHSA-2025:8075
reference_id RHSA-2025:8075
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8075
81
reference_url https://access.redhat.com/errata/RHSA-2025:8244
reference_id RHSA-2025:8244
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8244
82
reference_url https://access.redhat.com/errata/RHSA-2025:8267
reference_id RHSA-2025:8267
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8267
83
reference_url https://access.redhat.com/errata/RHSA-2025:8384
reference_id RHSA-2025:8384
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8384
84
reference_url https://access.redhat.com/errata/RHSA-2025:8390
reference_id RHSA-2025:8390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8390
85
reference_url https://access.redhat.com/errata/RHSA-2025:8392
reference_id RHSA-2025:8392
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8392
86
reference_url https://access.redhat.com/errata/RHSA-2025:8510
reference_id RHSA-2025:8510
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8510
87
reference_url https://access.redhat.com/errata/RHSA-2025:8542
reference_id RHSA-2025:8542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8542
88
reference_url https://access.redhat.com/errata/RHSA-2025:8552
reference_id RHSA-2025:8552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8552
89
reference_url https://access.redhat.com/errata/RHSA-2025:8560
reference_id RHSA-2025:8560
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8560
90
reference_url https://access.redhat.com/errata/RHSA-2025:8691
reference_id RHSA-2025:8691
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8691
91
reference_url https://access.redhat.com/errata/RHSA-2025:9167
reference_id RHSA-2025:9167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9167
92
reference_url https://access.redhat.com/errata/RHSA-2025:9259
reference_id RHSA-2025:9259
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9259
93
reference_url https://access.redhat.com/errata/RHSA-2025:9388
reference_id RHSA-2025:9388
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9388
94
reference_url https://access.redhat.com/errata/RHSA-2025:9541
reference_id RHSA-2025:9541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9541
95
reference_url https://access.redhat.com/errata/RHSA-2025:9646
reference_id RHSA-2025:9646
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9646
96
reference_url https://access.redhat.com/errata/RHSA-2026:2155
reference_id RHSA-2026:2155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2155
97
reference_url https://access.redhat.com/errata/RHSA-2026:2164
reference_id RHSA-2026:2164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2164
98
reference_url https://access.redhat.com/errata/RHSA-2026:2172
reference_id RHSA-2026:2172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2172
99
reference_url https://access.redhat.com/errata/RHSA-2026:3718
reference_id RHSA-2026:3718
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3718
fixed_packages
aliases CVE-2025-30204, GHSA-mh63-6h87-95cp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5gr-zsbz-xkbe
4
url VCID-yyye-gaug-8uh2
vulnerability_id VCID-yyye-gaug-8uh2
summary
OCI image importer memory exhaustion in github.com/containerd/containerd
### Impact
When importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service.

### Patches

This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue.

### Workarounds

Ensure that only trusted images are used and that only trusted users have permissions to import images. 

### Credits

The containerd project would like to thank [David Korczynski](https://github.com/DavidKorczynski) and [Adam Korczynski](https://github.com/AdamKorcz) of ADA Logics for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md) during a security fuzzing audit sponsored by CNCF.

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)
* Email us at [security@containerd.io](mailto:security@containerd.io)

To report a security issue in containerd:
* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)
* Email us at [security@containerd.io](mailto:security@containerd.io)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25153.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25153.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25153
reference_id
reference_type
scores
0
value 0.0019
scoring_system epss
scoring_elements 0.40894
published_at 2026-04-18T12:55:00Z
1
value 0.0019
scoring_system epss
scoring_elements 0.40925
published_at 2026-04-16T12:55:00Z
2
value 0.0019
scoring_system epss
scoring_elements 0.40883
published_at 2026-04-13T12:55:00Z
3
value 0.0019
scoring_system epss
scoring_elements 0.40903
published_at 2026-04-12T12:55:00Z
4
value 0.0019
scoring_system epss
scoring_elements 0.40938
published_at 2026-04-11T12:55:00Z
5
value 0.0019
scoring_system epss
scoring_elements 0.40921
published_at 2026-04-09T12:55:00Z
6
value 0.0019
scoring_system epss
scoring_elements 0.40865
published_at 2026-04-07T12:55:00Z
7
value 0.0019
scoring_system epss
scoring_elements 0.40936
published_at 2026-04-04T12:55:00Z
8
value 0.0019
scoring_system epss
scoring_elements 0.40909
published_at 2026-04-02T12:55:00Z
9
value 0.0019
scoring_system epss
scoring_elements 0.40914
published_at 2026-04-08T12:55:00Z
10
value 0.00209
scoring_system epss
scoring_elements 0.43309
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25153
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25153
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
5
reference_url https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/
url https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4
6
reference_url https://github.com/containerd/containerd/releases/tag/v1.5.18
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/
url https://github.com/containerd/containerd/releases/tag/v1.5.18
7
reference_url https://github.com/containerd/containerd/releases/tag/v1.6.18
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/
url https://github.com/containerd/containerd/releases/tag/v1.6.18
8
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/
url https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25153
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25153
10
reference_url https://pkg.go.dev/vuln/GO-2023-1573
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2023-1573
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2174473
reference_id 2174473
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2174473
12
reference_url https://security.gentoo.org/glsa/202408-01
reference_id GLSA-202408-01
reference_type
scores
url https://security.gentoo.org/glsa/202408-01
13
reference_url https://access.redhat.com/errata/RHSA-2023:6817
reference_id RHSA-2023:6817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6817
14
reference_url https://usn.ubuntu.com/6202-1/
reference_id USN-6202-1
reference_type
scores
url https://usn.ubuntu.com/6202-1/
fixed_packages
aliases CVE-2023-25153, GHSA-259w-8hf6-59c2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyye-gaug-8uh2
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph@2:20.1.0-144%3Farch=el10cp