Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/python3.9@3.9.25-2?arch=el9_7

Type rpm

Namespace redhat

Name python3.9

Version 3.9.25-2

Qualifiers

arch	el9_7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-8hug-fhhb-sbgt

vulnerability_id

VCID-8hug-fhhb-sbgt

summary

python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5642.json

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5642.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-5642

reference_id

reference_type

scores

value	0.00161
scoring_system	epss
scoring_elements	0.36944
published_at	2026-04-13T12:55:00Z

value	0.00161
scoring_system	epss
scoring_elements	0.3697
published_at	2026-04-12T12:55:00Z

value	0.00161
scoring_system	epss
scoring_elements	0.37004
published_at	2026-04-11T12:55:00Z

value	0.00161
scoring_system	epss
scoring_elements	0.36996
published_at	2026-04-09T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40497
published_at	2026-04-07T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40548
published_at	2026-04-08T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41002
published_at	2026-04-24T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41184
published_at	2026-04-02T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41214
published_at	2026-04-04T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41215
published_at	2026-04-16T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41186
published_at	2026-04-18T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41113
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-5642

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5642
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5642

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python/cpython/issues/121227

reference_id

121227

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/

url

https://github.com/python/cpython/issues/121227

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2294682
reference_id	2294682
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2294682

reference_url

https://github.com/python/cpython/pull/23014

reference_id

23014

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/

url

https://github.com/python/cpython/pull/23014

reference_url

https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e

reference_id

39258d3595300bc7b952854c915f63ae2d4b9c3e

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/

url

https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e

reference_url

http://www.openwall.com/lists/oss-security/2024/06/28/4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/

url

http://www.openwall.com/lists/oss-security/2024/06/28/4

reference_url

https://github.com/python/cpython/commit/a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31

reference_id

a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/

url

https://github.com/python/cpython/commit/a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31

reference_url

https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html

reference_id

cve-2024-5535-openssl-memory-safety.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/

url

https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html

reference_url

https://security.netapp.com/advisory/ntap-20240726-0005/

reference_id

ntap-20240726-0005

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/

url

https://security.netapp.com/advisory/ntap-20240726-0005/

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/

reference_id

PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/

reference_url	https://access.redhat.com/errata/RHSA-2025:23342
reference_id	RHSA-2025:23342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23342

reference_url	https://access.redhat.com/errata/RHSA-2025:23530
reference_id	RHSA-2025:23530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23530

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0685
reference_id	RHSA-2026:0685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0685

reference_url	https://access.redhat.com/errata/RHSA-2026:1652
reference_id	RHSA-2026:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1652

fixed_packages

aliases

CVE-2024-5642

risk_score

3.0

exploitability

0.5

weighted_severity

5.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-8hug-fhhb-sbgt

url

VCID-emaw-jmek-9bcy

vulnerability_id

VCID-emaw-jmek-9bcy

summary

cpython: Python HTMLParser quadratic complexity

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6069.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6069.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6069

reference_id

reference_type

scores

value	0.00283
scoring_system	epss
scoring_elements	0.51588
published_at	2026-04-02T12:55:00Z

value	0.00306
scoring_system	epss
scoring_elements	0.5389
published_at	2026-04-11T12:55:00Z

value	0.00306
scoring_system	epss
scoring_elements	0.53842
published_at	2026-04-09T12:55:00Z

value	0.00306
scoring_system	epss
scoring_elements	0.53844
published_at	2026-04-08T12:55:00Z

value	0.00306
scoring_system	epss
scoring_elements	0.53818
published_at	2026-04-04T12:55:00Z

value	0.00306
scoring_system	epss
scoring_elements	0.53792
published_at	2026-04-07T12:55:00Z

value	0.00306
scoring_system	epss
scoring_elements	0.53873
published_at	2026-04-12T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75159
published_at	2026-04-24T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75086
published_at	2026-04-13T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75123
published_at	2026-04-16T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.7513
published_at	2026-04-18T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.7512
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109376
reference_id	1109376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109376

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118430
reference_id	1118430
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118430

reference_url

https://github.com/python/cpython/issues/135462

reference_id

135462

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/

url

https://github.com/python/cpython/issues/135462

reference_url

https://github.com/python/cpython/pull/135464

reference_id

135464

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/

url

https://github.com/python/cpython/pull/135464

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2373234
reference_id	2373234
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2373234

reference_url

https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949

reference_id

4455cbabf991e202185a25a631af206f60bbc949

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/

url

https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949

reference_url

https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41

reference_id

6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/

url

https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41

reference_url

https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49

reference_id

8d1b3dfa09135affbbf27fb8babcf3c11415df49

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/

url

https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49

reference_url

https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5

reference_id

ab0893fd5c579d9cea30841680e6d35fc478afb5

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/

url

https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5

reference_url

https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b

reference_id

d851f8e258c7328814943e923a7df81bca15df4b

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/

url

https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b

reference_url

https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc

reference_id

f3c6f882cddc8dc30320d2e73edf019e201394fc

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/

url

https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc

reference_url

https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15

reference_id

fdc9d214c01cb4588f540cfa03726bbf2a33fc15

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/

url

https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/

reference_id

K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/

reference_url	https://access.redhat.com/errata/RHSA-2025:23342
reference_id	RHSA-2025:23342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23342

reference_url	https://access.redhat.com/errata/RHSA-2025:23530
reference_id	RHSA-2025:23530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23530

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0685
reference_id	RHSA-2026:0685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0685

reference_url	https://access.redhat.com/errata/RHSA-2026:1652
reference_id	RHSA-2026:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1652

reference_url	https://access.redhat.com/errata/RHSA-2026:1858
reference_id	RHSA-2026:1858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1858

reference_url	https://usn.ubuntu.com/7710-1/
reference_id	USN-7710-1
reference_type
scores
url	https://usn.ubuntu.com/7710-1/

fixed_packages

aliases

CVE-2025-6069

risk_score

1.9

exploitability

0.5

weighted_severity

3.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-emaw-jmek-9bcy

url

VCID-fcsb-dn49-47gy

vulnerability_id

VCID-fcsb-dn49-47gy

summary

python: Quadratic complexity in os.path.expandvars() with user-controlled template

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6075

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05701
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05661
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0576
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05734
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05694
published_at	2026-04-07T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08587
published_at	2026-04-24T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08574
published_at	2026-04-21T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08553
published_at	2026-04-12T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08536
published_at	2026-04-13T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08429
published_at	2026-04-16T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08414
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6075

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777
reference_id	1126777
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777

reference_url

https://github.com/python/cpython/issues/136065

reference_id

136065

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/

url

https://github.com/python/cpython/issues/136065

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2408891
reference_id	2408891
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2408891

reference_url

https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c

reference_id

2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/

url

https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c

reference_url

https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427

reference_id

5dceb93486176e6b4a6d9754491005113eb23427

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/

url

https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427

reference_url

https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84

reference_id

631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/

url

https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84

reference_url

https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca

reference_id

892747b4cf0f95ba8beb51c0d0658bfaa381ebca

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/

url

https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca

reference_url

https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742

reference_id

9ab89c026aa9611c4b0b67c288b8303a480fe742

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/

url

https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742

reference_url

https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba

reference_id

c8a5f3435c342964e0a432cc9fb448b7dbecd1ba

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/

url

https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba

reference_url

https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c

reference_id

f029e8db626ddc6e3a3beea4eff511a71aaceb5c

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/

url

https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/

reference_id

IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/

reference_url	https://access.redhat.com/errata/RHSA-2025:23342
reference_id	RHSA-2025:23342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23342

reference_url	https://access.redhat.com/errata/RHSA-2025:23530
reference_id	RHSA-2025:23530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23530

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0685
reference_id	RHSA-2026:0685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0685

reference_url	https://access.redhat.com/errata/RHSA-2026:1652
reference_id	RHSA-2026:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1652

reference_url	https://access.redhat.com/errata/RHSA-2026:7443
reference_id	RHSA-2026:7443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7443

reference_url	https://access.redhat.com/errata/RHSA-2026:7661
reference_id	RHSA-2026:7661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7661

reference_url	https://access.redhat.com/errata/RHSA-2026:8822
reference_id	RHSA-2026:8822
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8822

reference_url	https://access.redhat.com/errata/RHSA-2026:8824
reference_id	RHSA-2026:8824
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8824

reference_url	https://usn.ubuntu.com/7886-1/
reference_id	USN-7886-1
reference_type
scores
url	https://usn.ubuntu.com/7886-1/

reference_url	https://usn.ubuntu.com/7886-2/
reference_id	USN-7886-2
reference_type
scores
url	https://usn.ubuntu.com/7886-2/

fixed_packages

aliases

CVE-2025-6075

risk_score

1.8

exploitability

0.5

weighted_severity

3.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-fcsb-dn49-47gy

url

VCID-znkr-fxtj-4uc7

vulnerability_id

VCID-znkr-fxtj-4uc7

summary

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-8291

reference_id

reference_type

scores

value	0.00114
scoring_system	epss
scoring_elements	0.30092
published_at	2026-04-02T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29835
published_at	2026-04-24T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.3014
published_at	2026-04-04T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29954
published_at	2026-04-07T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30015
published_at	2026-04-08T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30049
published_at	2026-04-09T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.30055
published_at	2026-04-11T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.3001
published_at	2026-04-12T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29961
published_at	2026-04-13T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29977
published_at	2026-04-16T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29956
published_at	2026-04-18T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.2991
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-8291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431
reference_id	1118431
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432
reference_id	1118432
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432

reference_url

https://github.com/python/cpython/issues/139700

reference_id

139700

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/

url

https://github.com/python/cpython/issues/139700

reference_url

https://github.com/python/cpython/pull/139702

reference_id

139702

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/

url

https://github.com/python/cpython/pull/139702

reference_url

https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267

reference_id

162997bb70e067668c039700141770687bc8f267

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/

url

https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267

reference_url

https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46

reference_id

1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/

url

https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2402342
reference_id	2402342
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2402342

reference_url

https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6

reference_id

333d4a6f4967d3ace91492a39ededbcf3faa76a6

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/

url

https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6

reference_url

https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196

reference_id

76437ac248ad8ca44e9bf697b02b1e2241df2196

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/

url

https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196

reference_url

https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4

reference_id

8392b2f0d35678407d9ce7d95655a5b77de161b4

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/

url

https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4

reference_url

https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388

reference_id

bca11ae7d575d87ed93f5dd6a313be6246e3e388

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/

url

https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388

reference_url

https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3

reference_id

d11e69d6203080e3ec450446bfed0516727b85c3

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/

url

https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/

reference_id

QECOPWMTH4VPPJAXAH2BGTA4XADOP62G

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/

reference_url	https://access.redhat.com/errata/RHSA-2025:23323
reference_id	RHSA-2025:23323
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23323

reference_url	https://access.redhat.com/errata/RHSA-2025:23342
reference_id	RHSA-2025:23342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23342

reference_url	https://access.redhat.com/errata/RHSA-2025:23530
reference_id	RHSA-2025:23530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23530

reference_url	https://access.redhat.com/errata/RHSA-2025:23940
reference_id	RHSA-2025:23940
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23940

reference_url	https://access.redhat.com/errata/RHSA-2026:0123
reference_id	RHSA-2026:0123
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0123

reference_url	https://access.redhat.com/errata/RHSA-2026:0353
reference_id	RHSA-2026:0353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0353

reference_url	https://access.redhat.com/errata/RHSA-2026:0354
reference_id	RHSA-2026:0354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0354

reference_url	https://access.redhat.com/errata/RHSA-2026:0355
reference_id	RHSA-2026:0355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0355

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0685
reference_id	RHSA-2026:0685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0685

reference_url	https://access.redhat.com/errata/RHSA-2026:1652
reference_id	RHSA-2026:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1652

reference_url	https://access.redhat.com/errata/RHSA-2026:1858
reference_id	RHSA-2026:1858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1858

reference_url	https://access.redhat.com/errata/RHSA-2026:7443
reference_id	RHSA-2026:7443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7443

reference_url	https://access.redhat.com/errata/RHSA-2026:7661
reference_id	RHSA-2026:7661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7661

reference_url	https://access.redhat.com/errata/RHSA-2026:8822
reference_id	RHSA-2026:8822
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8822

reference_url	https://access.redhat.com/errata/RHSA-2026:8824
reference_id	RHSA-2026:8824
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8824

reference_url	https://usn.ubuntu.com/7886-1/
reference_id	USN-7886-1
reference_type
scores
url	https://usn.ubuntu.com/7886-1/

reference_url	https://usn.ubuntu.com/7886-2/
reference_id	USN-7886-2
reference_type
scores
url	https://usn.ubuntu.com/7886-2/

fixed_packages

aliases

CVE-2025-8291

risk_score

1.9

exploitability

0.5

weighted_severity

3.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-znkr-fxtj-4uc7

Fixing_vulnerabilities

Risk_score 3.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.9@3.9.25-2%3Farch=el9_7

Package Instance